Add missing mask set and tls13 unrecognized extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 77b091d..ad8754c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -144,6 +144,7 @@
MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \
MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \
MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \
+ MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \
MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
/* RFC 8446 section 4.2. Allowed extensions for ClienHello */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cf71d26..4787ca0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9155,6 +9155,11 @@
p[6] = MBEDTLS_BYTE_0( protocol_name_len );
memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+#endif
+
return ( 0 );
}
#endif /* MBEDTLS_SSL_ALPN */
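Review bot: The new call in the ALPN writer is gated only at compile time by `MBEDTLS_SSL_PROTO_TLS1_3`, so in a build that enables both TLS 1.2 and TLS 1.3 it would also run when the extension is written for a TLS 1.2 handshake. That assumes the function is shared, which seems likely since ssl_tls.c is not a TLS 1.3-specific file. If the sent-extension mask is only ever read by TLS 1.3 code this is harmless, but that is not visible here. Either say so in a comment, e.g. `/* Shared with TLS 1.2; the mask is only consulted by TLS 1.3 code. */`, or keep the `#if` and add a run-time gate inside it, `if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )`. The function starts above the hunk, so its callers and the negotiated-version handling could not be checked.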
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 378ce8f..051afa2 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -700,6 +700,8 @@
MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u",
ssl->handshake->selected_identity ) );
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+
return( 0 );
}
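Review bot: Each TLS 1.3 extension writer has to remember its own `mbedtls_ssl_tls13_set_hs_sent_ext_mask()` call, and nothing in these hunks would catch the next writer that omits it. The same one-line tail is added here and in the hunks at -1812, -1918 and -1982. A test that compares the extensions actually present in each server handshake message with the recorded mask would be worth adding alongside. Placing the call just before `return( 0 )` looks right, since a writer that bails out earlier should not mark the extension as sent; a short comment at one call site, such as `/* Record the extension only after it has been fully written. */`, would make that ordering deliberate. The function bodies begin outside the hunks, so the earlier return paths are assumed rather than checked.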
@@ -1812,6 +1814,9 @@
*out_len = 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+
return( 0 );
}
@@ -1918,6 +1923,8 @@
*out_len = p - buf;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
return( 0 );
}
@@ -1982,6 +1989,8 @@
*out_len = 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
return( 0 );
}