TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7e38cba99314e61415d0e50dce97a20ac4271267^! / . / library / ssl_msg.c
commit7e38cba99314e61415d0e50dce97a20ac4271267[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Wed Nov 24 12:43:39 2021 +0100
committerRonald Cron <ronald.cron@arm.com>Thu Dec 09 13:40:22 2021 +0100
treeef36555748135121bc8f7dec4ef07d45b7d85ebe
parentab65c529448c22fbfc4b60ff71fdf2f2f4d000ec [diff] [blame]
Add incoming ChangeCipherSpec filtering in TLS 1.3

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 286294f..f7e40b1 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -3335,6 +3335,20 @@
     MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
                            rec->buf, rec->buf_len );
 
+    /*
+     * In TLS 1.3, always treat ChangeCipherSpec records
+     * as unencrypted. The only thing we do with them is
+     * check the length and content and ignore them.
+     */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    if( ssl->transform_in != NULL &&
+        ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+    {
+        if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
+            done = 1;
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
     if( !done && ssl->transform_in != NULL )
     {
         unsigned char const old_msg_type = rec->type;
@@ -4385,6 +4399,21 @@
             return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
         }
 #endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+        {
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+            MBEDTLS_SSL_DEBUG_MSG( 1,
+                ( "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" ) );
+            return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+#else
+            MBEDTLS_SSL_DEBUG_MSG( 1,
+                ( "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
     }
 
     if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )