Revert "tls13: Introduce early_data_state SSL context field"

This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

include/mbedtls/ssl.h

@@ -1622,49 +1622,6 @@ struct mbedtls_ssl_config {
 #endif
 };
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-enum mbedtls_ssl_cli_early_data_state {
-    MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT,
-    MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED,
-    MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED
-};
-
-/*
- * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH:
- *     The server is waiting for the ClientHello.
- *
- * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING:
- *     The server has received a ClientHello indicating early data and has
- *     accepted them. It is now expecting early data and the end of early
- *     data message.
- *
- * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED:
- *     The server has received a ClientHello indicating early data and has
- *     rejected them.
- *
- * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED:
- *     The server has received a ClientHello, no indication of early data.
- *
- * MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED
- *     The server has received the early data extension, it has accepted early
- *     data and received the end of early data message from the client marking
- *     the end of early data reception.
- */
-
-enum mbedtls_ssl_srv_early_data_state {
-    MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH,
-    MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING,
-    MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED,
-    MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED,
-    MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED
-};
-
-union mbedtls_ssl_early_data_state {
-    enum mbedtls_ssl_cli_early_data_state cli;
-    enum mbedtls_ssl_srv_early_data_state srv;
-};
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
 struct mbedtls_ssl_context {
     const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information          */
 
@@ -1699,10 +1656,22 @@ struct mbedtls_ssl_context {
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     /**
-     *  State of the sending (client side) or reception (server side) of early
+     *  On client side, status of the negotiation of the use of early data.
-     *  data. Reset to the initial state at the beginning of a new handshake.
+     *  See the documentation of mbedtls_ssl_get_early_data_status() for more
+     *  information.
+     *
+     *  On server side, internal only, status of early data in the course of an
+     *  handshake. One of MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN,
+     *  #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED,
+     *  #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED,
+     *  MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED and
+     *  MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED.
+     *
+     *  Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or
+     *  MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, at the beginning of a new
+     *  handshake.
      */
-    union mbedtls_ssl_early_data_state MBEDTLS_PRIVATE(early_data_state);
+    int MBEDTLS_PRIVATE(early_data_status);
 #endif
 
     unsigned MBEDTLS_PRIVATE(badmac_seen);       /*!< records with a bad MAC received    */

library/ssl_debug_helpers.h

@@ -49,11 +49,6 @@ void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl,
                                     unsigned int flags);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-const char *mbedtls_ssl_cli_early_data_state_str(enum mbedtls_ssl_cli_early_data_state in);
-const char *mbedtls_ssl_srv_early_data_state_str(enum mbedtls_ssl_srv_early_data_state in);
-#endif
-
 #define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask)            \
     mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__,       \
                                  hs_msg_type, extensions_mask, NULL)

library/ssl_misc.h

@@ -2130,6 +2130,30 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
                                            unsigned char *buf,
                                            const unsigned char *end,
                                            size_t *out_len);
+
+#if defined(MBEDTLS_SSL_SRV_C)
+/* Additional internal early data status, server side only. */
+/*
+ * The server has not received the ClientHello yet, the status of early data
+ * is thus unknown.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \
+    MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
+
+/*
+ * The server has received the ClientHello, it contained no early data
+ * extension.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3
+
+/*
+ * The server has received the early data extension, it has accepted early
+ * data and received the end of early data message from the client marking the
+ * end of early data reception.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4
+#endif /* MBEDTLS_SSL_SRV_C */
+
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

library/ssl_tls.c

@@ -1099,7 +1099,13 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    ssl->early_data_state.cli = 0;
+#if defined(MBEDTLS_SSL_SRV_C)
+    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0,
+                          "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0");
+#endif
+    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0,
+                          "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0");
+    ssl->early_data_status = 0;
 #endif
 
     /* Initialize structures */

library/ssl_tls13_client.c

@@ -1195,10 +1195,10 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
          * `accepted` if the EncryptedExtension message contain an early data
          * indication extension.
          */
-        ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED;
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
     } else {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension"));
-        ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT;
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
     }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
@@ -1235,7 +1235,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
     size_t psk_len;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-    if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) {
+    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Set hs psk for early data when writing the first psk"));
 
@@ -1916,7 +1916,7 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
      * cases we compute it here.
      */
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT ||
+    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT ||
         handshake->key_exchange_mode ==
         MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL)
 #endif
@@ -2228,7 +2228,7 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
             return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
-        ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED;
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
     }
 #endif
 
@@ -2565,9 +2565,9 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl)
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED) {
+    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
         mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
-    } else if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) {
+    } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
         mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
     } else
 #endif /* MBEDTLS_SSL_EARLY_DATA */

library/ssl_tls13_server.c

@@ -1780,8 +1780,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl,
+static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
-                                              int hrr_required)
+                                               int hrr_required)
 {
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
@@ -1789,11 +1789,11 @@ static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl,
          MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("EarlyData: no early data extension received."));
-        ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED;
+        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
         return;
     }
 
-    ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED;
+    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
 
     if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
         MBEDTLS_SSL_DEBUG_MSG(
@@ -1856,7 +1856,7 @@ static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl,
         return;
     }
 
-    ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING;
+    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
 
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1890,9 +1890,9 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl,
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     /* There is enough information, update early data status. */
-    ssl_tls13_update_early_data_state(ssl, hrr_required);
+    ssl_tls13_update_early_data_status(ssl, hrr_required);
 
-    if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) {
+    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
         ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
         if (ret != 0) {
             MBEDTLS_SSL_DEBUG_RET(
@@ -2541,7 +2541,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) {
+    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
         ret = mbedtls_ssl_tls13_write_early_data_ext(
             ssl, 0, p, end, &output_len);
         if (ret != 0) {
@@ -2868,7 +2868,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl)
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) {
+    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
         /* See RFC 8446 section A.2 for more information */
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Switch to early keys for inbound traffic. "
@@ -3015,8 +3015,8 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl)
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data(
                                  ssl, buf, buf + buf_len));
 
-        ssl->early_data_state.srv =
+        ssl->early_data_status =
-            MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED;
+            MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED;
 
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Switch to handshake keys for inbound traffic"