From 3b9034544e7fd2f5dc634795c8c3996506de7a10 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Feb 2024 18:11:05 +0100 Subject: [PATCH] Revert "tls13: Introduce early_data_state SSL context field" This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e. Due to the scope reduction of mbedtls_ssl_read_early_data() it is not necessary anymore to refine the usage of early_data_status/state rather the opposite. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 61 +++++++++---------------------------- library/ssl_debug_helpers.h | 5 --- library/ssl_misc.h | 24 +++++++++++++++ library/ssl_tls.c | 8 ++++- library/ssl_tls13_client.c | 14 ++++----- library/ssl_tls13_server.c | 22 ++++++------- 6 files changed, 64 insertions(+), 70 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2aae32ea2..635804d3a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1622,49 +1622,6 @@ struct mbedtls_ssl_config { #endif }; -#if defined(MBEDTLS_SSL_EARLY_DATA) -enum mbedtls_ssl_cli_early_data_state { - MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT, - MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED, - MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED -}; - -/* - * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH: - * The server is waiting for the ClientHello. - * - * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING: - * The server has received a ClientHello indicating early data and has - * accepted them. It is now expecting early data and the end of early - * data message. - * - * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED: - * The server has received a ClientHello indicating early data and has - * rejected them. - * - * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED: - * The server has received a ClientHello, no indication of early data. - * - * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED - * The server has received the early data extension, it has accepted early - * data and received the end of early data message from the client marking - * the end of early data reception. - */ - -enum mbedtls_ssl_srv_early_data_state { - MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH, - MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING, - MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED, - MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED, - MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED -}; - -union mbedtls_ssl_early_data_state { - enum mbedtls_ssl_cli_early_data_state cli; - enum mbedtls_ssl_srv_early_data_state srv; -}; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - struct mbedtls_ssl_context { const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */ @@ -1699,10 +1656,22 @@ struct mbedtls_ssl_context { #if defined(MBEDTLS_SSL_EARLY_DATA) /** - * State of the sending (client side) or reception (server side) of early - * data. Reset to the initial state at the beginning of a new handshake. + * On client side, status of the negotiation of the use of early data. + * See the documentation of mbedtls_ssl_get_early_data_status() for more + * information. + * + * On server side, internal only, status of early data in the course of an + * handshake. One of MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, + * #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED, + * #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED, + * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED and + * MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED. + * + * Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or + * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, at the beginning of a new + * handshake. */ - union mbedtls_ssl_early_data_state MBEDTLS_PRIVATE(early_data_state); + int MBEDTLS_PRIVATE(early_data_status); #endif unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 3410c9022..2b0e73772 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -49,11 +49,6 @@ void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl, unsigned int flags); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EARLY_DATA) -const char *mbedtls_ssl_cli_early_data_state_str(enum mbedtls_ssl_cli_early_data_state in); -const char *mbedtls_ssl_srv_early_data_state_str(enum mbedtls_ssl_srv_early_data_state in); -#endif - #define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask) \ mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \ hs_msg_type, extensions_mask, NULL) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2a488bbdb..943940826 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2130,6 +2130,30 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, size_t *out_len); + +#if defined(MBEDTLS_SSL_SRV_C) +/* Additional internal early data status, server side only. */ +/* + * The server has not received the ClientHello yet, the status of early data + * is thus unknown. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \ + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT + +/* + * The server has received the ClientHello, it contained no early data + * extension. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3 + +/* + * The server has received the early data extension, it has accepted early + * data and received the end of early data message from the client marking the + * end of early data reception. + */ +#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4 +#endif /* MBEDTLS_SSL_SRV_C */ + #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 50a8cd209..72db821a6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1099,7 +1099,13 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - ssl->early_data_state.cli = 0; +#if defined(MBEDTLS_SSL_SRV_C) + MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0, + "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0"); +#endif + MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0, + "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0"); + ssl->early_data_status = 0; #endif /* Initialize structures */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 94bbfe85a..76f0f1896 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1195,10 +1195,10 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, * `accepted` if the EncryptedExtension message contain an early data * indication extension. */ - ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } else { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension")); - ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1235,7 +1235,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) size_t psk_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); @@ -1916,7 +1916,7 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) * cases we compute it here. */ #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT || + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT || handshake->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) #endif @@ -2228,7 +2228,7 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; } #endif @@ -2565,9 +2565,9 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) { + } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5b90dd5c7..4bdb7e7b8 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1780,8 +1780,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_EARLY_DATA) -static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl, - int hrr_required) +static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, + int hrr_required) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1789,11 +1789,11 @@ static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl, MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: no early data extension received.")); - ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED; return; } - ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { MBEDTLS_SSL_DEBUG_MSG( @@ -1856,7 +1856,7 @@ static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl, return; } - ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1890,9 +1890,9 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) /* There is enough information, update early data status. */ - ssl_tls13_update_early_data_state(ssl, hrr_required); + ssl_tls13_update_early_data_status(ssl, hrr_required); - if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { ret = mbedtls_ssl_tls13_compute_early_transform(ssl); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( @@ -2541,7 +2541,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, 0, p, end, &output_len); if (ret != 0) { @@ -2868,7 +2868,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) { + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { /* See RFC 8446 section A.2 for more information */ MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early keys for inbound traffic. " @@ -3015,8 +3015,8 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( ssl, buf, buf + buf_len)); - ssl->early_data_state.srv = - MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED; + ssl->early_data_status = + MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED; MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to handshake keys for inbound traffic"