TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move TLS 1.3 verify-result setting for PSK

Browse Source 
When we are doing PSK, we'd like to set verify_result to
MBEDTLS_X509_BADCERT_SKIP_VERIFY. Previously this was done in
mbedtls_ssl_set_hs_psk() but this is inadequate since this function may
be called for early data (where certificate verification happens later
in the handshake.

Instead, set this value after writing / processing the encrypted
extensions on the server / client respectively, so that we know whether
we are doing certificate verification or not for sure. This change is
effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in
ssl_parse_certificate_coordinate().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann
2026-03-10 15:08:04 +00:00
parent 37e3dcf00d
commit 624fc2e0de
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
library/ssl_tls.c
View File

@@ -2018,9 +2018,6 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
/* Since we're not using a certificate, set verify_result to skipped */
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
/* Allow calling psa_destroy_key() on psk remove */
ssl->handshake->psk_opaque_is_internal = 1;
return mbedtls_ssl_set_hs_psk_opaque(ssl, key);

3
library/ssl_tls13_client.c
View File

@@ -2264,6 +2264,9 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
/* Since we're not using a certificate, set verify_result to skipped */
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
} else {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
}

3
library/ssl_tls13_server.c
View File

@@ -2616,6 +2616,9 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
/* Since we're not using a certificate, set verify_result to skipped */
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
} else {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
}