Add extension check for ServerHello and HRR
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 599f488..f42e591 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1496,6 +1496,7 @@
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
size_t extensions_len;
const unsigned char *extensions_end;
+ uint32_t extensions_present, allowed_extension_mask;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int fatal_alert = 0;
@@ -1641,6 +1642,11 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len );
+ extensions_present = MBEDTLS_SSL_EXT_NONE;
+ allowed_extension_mask = is_hrr ?
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR :
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH;
+
while( p < extensions_end )
{
unsigned int extension_type;
@@ -1655,6 +1661,24 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
extension_data_end = p + extension_data_len;
+ /* RFC 8446 page 35
+ *
+ * If an implementation receives an extension which it recognizes and which
+ * is not specified for the message in which it appears, it MUST abort the
+ * handshake with an "illegal_parameter" alert.
+ */
+ extensions_present |= mbedtls_tls13_get_extension_mask( extension_type );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "%s: received %s(%u) extension",
+ is_hrr ? "hello retry request" : "server hello",
+ mbedtls_tls13_get_extension_name( extension_type ),
+ extension_type ) );
+ if( ( extensions_present & allowed_extension_mask ) == 0 )
+ {
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+ goto cleanup;
+ }
+
switch( extension_type )
{
case MBEDTLS_TLS_EXT_COOKIE:
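Review bot: The guard `( extensions_present & allowed_extension_mask ) == 0` tests the accumulated set, not the extension just read, so once one allowed extension has been recorded, any later extension that is not permitted in this message still passes. Test the current extension's bit on its own: `uint32_t ext_mask = mbedtls_tls13_get_extension_mask( extension_type );`, then `if( ( ext_mask & allowed_extension_mask ) == 0 )`, and only afterwards `extensions_present |= ext_mask;`. Keeping the per-extension mask also makes it possible to reject a repeated extension with `( extensions_present & ext_mask ) != 0`, which the new code does not detect. How unrecognised types are mapped by `mbedtls_tls13_get_extension_mask` is not visible here, so confirm they still get the intended handling. The loop body continues outside the hunk.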
@@ -1727,18 +1751,32 @@
break;
default:
- MBEDTLS_SSL_DEBUG_MSG(
- 3,
- ( "unknown extension found: %u ( ignoring )",
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "%s: ignore %s(%u) extension",
+ is_hrr ? "hello retry request" : "server hello",
+ mbedtls_tls13_get_extension_name( extension_type ),
extension_type ) );
-
- fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
- goto cleanup;
+ break;
}
p += extension_data_len;
}
+ MBEDTLS_SSL_TLS1_3_PRINT_EXTS(
+ 3, is_hrr ? "HelloRetryRequest" : "ServerHello", extensions_present );
+
+ /* RFC 8446 page 102
+ * - "supported_versions" is REQUIRED for all ClientHello, ServerHello, and
+ * HelloRetryRequest messages.
+ */
+ if( ( extensions_present & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "%s: supported_versions not found",
+ is_hrr ? "hello retry request" : "server hello" ) );
+ fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+ }
+
cleanup:
if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT )
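Review bot: The missing `supported_versions` case at the end of the hunk reports `MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER`, whereas RFC 8446 defines `missing_extension` for a handshake message that lacks a mandatory extension. `fatal_alert = MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION;` would match the specification, provided the `cleanup:` path, which continues outside the hunk, maps that value to an alert and an error code. Separately, the `default:` branch now ignores the extension instead of aborting with `unsupported_extension`. Rejecting an extension the client never offered therefore depends entirely on the mask check before the switch. A short comment on `default:` stating that reliance would help the next reader.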