Fix transcript issues and add cases against openssl
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 8e4e968..afe07e8 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -899,6 +899,9 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
{
+ mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ msg_len );
+ ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( binders_len > 0 )
@@ -907,10 +910,10 @@
mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
ssl, buf + msg_len - binders_len, buf + msg_len ) );
}
+ ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len,
+ binders_len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
- mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
- buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
buf_len,
msg_len ) );
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 30c3c3a..f55dede 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1336,6 +1336,9 @@
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len );
/*
* Update checksum of handshake messages.
*/
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e60b82f..5a72fed 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -532,9 +532,9 @@
}
}
-static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len )
+void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len )
{
unsigned char hs_hdr[4];
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 6e82631..43a8486 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -810,6 +810,8 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
+ const unsigned char *psk_identity;
+ size_t psk_identity_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
psa_algorithm_t psa_hash_alg;
int hash_len = 0;
@@ -819,6 +821,12 @@
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len;
+ if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite );
if( ciphersuite_info == NULL )