commit 06164057b3c3130c42cb3496663264415f1333bd
author Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 14:40:36 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 14:40:36 2019 +0200
tree 26c831482b389f9266dd8e0641bd4ef562d29029
parent e1621d47005f8aff6422678b0f003209168c5332

Check that we have all the proper keys

The proper keys should be set at the end of
the handshake, if not, fail the handshake.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4fc6aa8..2068336 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1974,7 +1974,6 @@
 
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
 #if defined(MBEDTLS_USE_TINYCRYPT)
     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
         == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA                       ||
@@ -2159,7 +2158,6 @@
     unsigned char *end = p + sizeof( ssl->handshake->premaster );
     const unsigned char *psk = ssl->conf->psk;
     size_t psk_len = ssl->conf->psk_len;
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
 
     /* If the psk callback was called, use its result */
     if( ssl->handshake->psk != NULL )
@@ -7977,7 +7975,9 @@
         mbedtls_platform_enforce_volatile_reads();
         if( ssl->handshake->resume )
         {
+            /* When doing session resume, no premaster or peer authentication */
             ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
+            ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
         }
         else
         {
@@ -7997,13 +7997,41 @@
         else
         {
             ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+            goto cleanup;
         }
     }
     else
     {
         ret = MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED;
+        goto cleanup;
     }
 
+    if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
+        ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
+        ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
+    {
+        mbedtls_platform_enforce_volatile_reads();
+        if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
+            ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
+            ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
+        {
+            ret = 0;
+        }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+            goto cleanup;
+        }
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "hello random %d", ssl->handshake->hello_random_set ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "key_derivation_done %d", ssl->handshake->key_derivation_done ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "premaster_generated %d", ssl->handshake->premaster_generated ) );
+        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+
+cleanup:
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
         ssl->handshake->flight != NULL )