TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2a674937dd0ac288b2ac5d56222ce345d81f940a^! / . / library / ssl_tls13_client.c
commit2a674937dd0ac288b2ac5d56222ce345d81f940a[log] [tgz]
authorXiaokang Qian <xiaokang.qian@arm.com>Wed Jan 04 03:15:09 2023 +0000
committerXiaokang Qian <xiaokang.qian@arm.com>Wed Feb 08 05:46:48 2023 +0000
tree4511483291cc89532330605037f31a42d50f0edf
parent5b410075cf204f83cea500feec4df4e069990425 [diff] [blame]
Pend a illeagal allert when selected_identity isn't 0

Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 7a0f6b8..a9ce4ed 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -1093,6 +1093,7 @@
 
     MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2);
     selected_identity = MBEDTLS_GET_UINT16_BE(buf, 0);
+    ssl->handshake->selected_identity = (uint16_t) selected_identity;
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("selected_identity = %d", selected_identity));
 
@@ -2096,6 +2097,18 @@
                                                  MBEDTLS_ERR_SSL_DECODE_ERROR);
                     return MBEDTLS_ERR_SSL_DECODE_ERROR;
                 }
+                if (ssl->handshake->selected_identity != 0) {
+                    /* RFC8446 4.2.11
+                     * If the server supplies an "early_data" extension, the
+                     * client MUST verify that the server's selected_identity
+                     * is 0. If any other value is returned, the client MUST
+                     * abort the handshake with an "illegal_parameter" alert.
+                     */
+                    MBEDTLS_SSL_PEND_FATAL_ALERT(
+                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                        MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+                    return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+                }
 
                 break;
 #endif /* MBEDTLS_SSL_EARLY_DATA */