From 263dbf71679c359be8549e111fcd0160a1ed1ed4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 26 Oct 2022 10:51:27 +0800 Subject: [PATCH] tls13: srv: Do not allow early data indication in 2nd ClientHello Signed-off-by: Jerry Yu Signed-off-by: Ronald Cron --- library/ssl_tls13_server.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6e87d7b9d..93748a6a2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1533,6 +1533,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, unsigned int extension_type; size_t extension_data_len; const unsigned char *extension_data_end; + uint32_t allowed_exts = MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH; + + if (ssl->handshake->hello_retry_request_count > 0) { + /* Do not accept early data extension in 2nd ClientHello */ + allowed_exts &= ~MBEDTLS_SSL_EXT_MASK(EARLY_DATA); + } /* RFC 8446, section 4.2.11 * @@ -1560,7 +1566,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH); + allowed_exts); if (ret != 0) { return ret; }