diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 610ed2711..bf3085291 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1621,6 +1621,49 @@ struct mbedtls_ssl_config { #endif }; +#if defined(MBEDTLS_SSL_EARLY_DATA) +enum mbedtls_ssl_cli_early_data_state { + MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT, + MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED, + MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED +}; + +/* + * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH: + * The server is waiting for the ClientHello. + * + * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING: + * The server has received a ClientHello indicating early data and has + * accepted them. It is now expecting early data and the end of early + * data message. + * + * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED: + * The server has received a ClientHello indicating early data and has + * rejected them. + * + * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED: + * The server has received a ClientHello, no indication of early data. + * + * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED + * The server has received the early data extension, it has accepted early + * data and received the end of early data message from the client marking + * the end of early data reception. + */ + +enum mbedtls_ssl_srv_early_data_state { + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH, + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING, + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED, + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED, + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED +}; + +union mbedtls_ssl_early_data_state { + enum mbedtls_ssl_cli_early_data_state cli; + enum mbedtls_ssl_srv_early_data_state srv; +}; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + struct mbedtls_ssl_context { const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */ @@ -1655,22 +1698,10 @@ struct mbedtls_ssl_context { #if defined(MBEDTLS_SSL_EARLY_DATA) /** - * On client side, status of the negotiation of the use of early data. - * See the documentation of mbedtls_ssl_get_early_data_status() for more - * information. - * - * On server side, internal only, status of early data in the course of an - * handshake. One of MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, - * #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED, - * #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED, - * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED and - * MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED. - * - * Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or - * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, at the beginning of a new - * handshake. + * State of the sending (client side) or reception (server side) of early + * data. Reset to the initial state at the beginning of a new handshake. */ - int MBEDTLS_PRIVATE(early_data_status); + union mbedtls_ssl_early_data_state MBEDTLS_PRIVATE(early_data_state); #endif unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 2b0e73772..3410c9022 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -49,6 +49,11 @@ void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl, unsigned int flags); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_EARLY_DATA) +const char *mbedtls_ssl_cli_early_data_state_str(enum mbedtls_ssl_cli_early_data_state in); +const char *mbedtls_ssl_srv_early_data_state_str(enum mbedtls_ssl_srv_early_data_state in); +#endif + #define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask) \ mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \ hs_msg_type, extensions_mask, NULL) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 943940826..2a488bbdb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2130,30 +2130,6 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, size_t *out_len); - -#if defined(MBEDTLS_SSL_SRV_C) -/* Additional internal early data status, server side only. */ -/* - * The server has not received the ClientHello yet, the status of early data - * is thus unknown. - */ -#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \ - MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT - -/* - * The server has received the ClientHello, it contained no early data - * extension. - */ -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3 - -/* - * The server has received the early data extension, it has accepted early - * data and received the end of early data message from the client marking the - * end of early data reception. - */ -#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4 -#endif /* MBEDTLS_SSL_SRV_C */ - #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 825ca8fe9..c6ba1158d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5888,8 +5888,10 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA; } - if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) && - (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) { + if ((ssl->early_data_state.srv != + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH) && + (ssl->early_data_state.srv != + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING)) { return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 72db821a6..50a8cd209 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1099,13 +1099,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) -#if defined(MBEDTLS_SSL_SRV_C) - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0, - "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0"); -#endif - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0, - "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0"); - ssl->early_data_status = 0; + ssl->early_data_state.cli = 0; #endif /* Initialize structures */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 76f0f1896..94bbfe85a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1195,10 +1195,10 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, * `accepted` if the EncryptedExtension message contain an early data * indication extension. */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED; } else { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; + ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1235,7 +1235,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) size_t psk_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { + if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); @@ -1916,7 +1916,7 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) * cases we compute it here. */ #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT || + if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT || handshake->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) #endif @@ -2228,7 +2228,7 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED; } #endif @@ -2565,9 +2565,9 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { + } else if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6933d1a05..9fcea5821 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1780,8 +1780,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_EARLY_DATA) -static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, - int hrr_required) +static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl, + int hrr_required) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1789,11 +1789,11 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: no early data extension received.")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED; + ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED; return; } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED; if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { MBEDTLS_SSL_DEBUG_MSG( @@ -1856,7 +1856,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, return; } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1890,9 +1890,9 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) /* There is enough information, update early data status. */ - ssl_tls13_update_early_data_status(ssl, hrr_required); + ssl_tls13_update_early_data_state(ssl, hrr_required); - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) { ret = mbedtls_ssl_tls13_compute_early_transform(ssl); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( @@ -2541,7 +2541,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, 0, p, end, &output_len); if (ret != 0) { @@ -2868,7 +2868,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) { /* See RFC 8446 section A.2 for more information */ MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early keys for inbound traffic. " @@ -3011,8 +3011,8 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( ssl, buf, buf + buf_len)); - ssl->early_data_status = - MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED; + ssl->early_data_state.srv = + MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED; MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to handshake keys for inbound traffic"