commit 592021aceb44f15755ea3c4a10c44aa70ff08578
author Xiaokang Qian <xiaokang.qian@arm.com> Wed Jan 04 10:47:05 2023 +0000
committer Xiaokang Qian <xiaokang.qian@arm.com> Wed Feb 08 05:47:47 2023 +0000
tree a56efbe0299ffbe633fc00067f4ab363782eb57e
parent 303f82c5b9e05e051e1cdb543665d3b265c9546c

Add CCS after client hello in case of early data and comp mode

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 517a063..8bc8fd0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -677,6 +677,7 @@
     MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
     MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO,
     MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
+    MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO,
     MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST,
     MBEDTLS_SSL_HANDSHAKE_OVER,
     MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET,

library/ssl_client.c

diff --git a/library/ssl_client.c b/library/ssl_client.c
index 7acb725..62af0f9 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -964,6 +964,18 @@
                                                               msg_len));
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+        if ((ssl->handshake->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3) &&
+            (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3)) {
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+            mbedtls_ssl_handshake_set_state(
+                ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO);
+#else
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+        } else
+#endif
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         mbedtls_ssl_tls13_finalize_write_client_hello(ssl);
 #endif
 

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 252c217..57843a5 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1221,9 +1221,7 @@
     const unsigned char *psk;
     size_t psk_len;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-#endif
-    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
-#if defined(MBEDTLS_SSL_EARLY_DATA)
+
     if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Set hs psk for early data when writing the first psk"));
@@ -1265,10 +1263,6 @@
             return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG(
-            1, ("Switch to early data keys for outbound traffic"));
-        mbedtls_ssl_set_outbound_transform(
-            ssl, ssl->handshake->transform_earlydata);
     }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
     return 0;
@@ -2959,6 +2953,17 @@
                 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
             }
             break;
+        case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+            if (ret == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
+
+                MBEDTLS_SSL_DEBUG_MSG(
+                    1, ("Switch to early data keys for outbound traffic"));
+                mbedtls_ssl_set_outbound_transform(
+                    ssl, ssl->handshake->transform_earlydata);
+            }
+            break;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)