Check that we have all the proper keys
The proper keys should be set at the end of
the handshake, if not, fail the handshake.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4871885..08d4fd3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2344,7 +2344,6 @@
{
volatile int ret;
- ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
/*
* Generate (part of) the pre-master secret as
* struct {
@@ -2396,7 +2395,6 @@
MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
mbedtls_pk_context *peer_pk = NULL;
- ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
if( buflen < len_bytes )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7d00797..e70dd12 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3980,7 +3980,6 @@
unsigned int diff;
volatile unsigned int pmscounter = 0;
- ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
/* In case of a failure in decryption, the decryption may write less than
* 2 bytes of output, but we always read the first two bytes. It doesn't
* matter in the end because diff will be nonzero in that case due to
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4fc6aa8..2068336 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1974,7 +1974,6 @@
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
- ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
#if defined(MBEDTLS_USE_TINYCRYPT)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
@@ -2159,7 +2158,6 @@
unsigned char *end = p + sizeof( ssl->handshake->premaster );
const unsigned char *psk = ssl->conf->psk;
size_t psk_len = ssl->conf->psk_len;
- ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
/* If the psk callback was called, use its result */
if( ssl->handshake->psk != NULL )
@@ -7977,7 +7975,9 @@
mbedtls_platform_enforce_volatile_reads();
if( ssl->handshake->resume )
{
+ /* When doing session resume, no premaster or peer authentication */
ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
+ ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
}
else
{
@@ -7997,13 +7997,41 @@
else
{
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+ goto cleanup;
}
}
else
{
ret = MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED;
+ goto cleanup;
}
+ if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
+ ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
+ ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
+ {
+ mbedtls_platform_enforce_volatile_reads();
+ if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
+ ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
+ ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
+ {
+ ret = 0;
+ }
+ else
+ {
+ ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+ goto cleanup;
+ }
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "hello random %d", ssl->handshake->hello_random_set ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "key_derivation_done %d", ssl->handshake->key_derivation_done ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "premaster_generated %d", ssl->handshake->premaster_generated ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ }
+
+cleanup:
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake->flight != NULL )