diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 635804d3a..b0633609d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1654,22 +1654,14 @@ struct mbedtls_ssl_context { */ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); -#if defined(MBEDTLS_SSL_EARLY_DATA) +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) /** - * On client side, status of the negotiation of the use of early data. + * Status of the negotiation of the use of early data. * See the documentation of mbedtls_ssl_get_early_data_status() for more * information. * - * On server side, internal only, status of early data in the course of an - * handshake. One of MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, - * #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED, - * #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED, - * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED and - * MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED. - * - * Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or - * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, at the beginning of a new - * handshake. + * Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT when the context is + * reset. */ int MBEDTLS_PRIVATE(early_data_status); #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 943940826..c9632f97b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -650,6 +650,10 @@ struct mbedtls_ssl_handshake_params { /* Flag indicating if a CertificateRequest message has been sent * to the client or not. */ uint8_t certificate_request_sent; +#if defined(MBEDTLS_SSL_EARLY_DATA) + /* Flag indicating if the server has accepted early data or not. */ + uint8_t early_data_accepted; +#endif #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -2130,30 +2134,6 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, size_t *out_len); - -#if defined(MBEDTLS_SSL_SRV_C) -/* Additional internal early data status, server side only. */ -/* - * The server has not received the ClientHello yet, the status of early data - * is thus unknown. - */ -#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \ - MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT - -/* - * The server has received the ClientHello, it contained no early data - * extension. - */ -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3 - -/* - * The server has received the early data extension, it has accepted early - * data and received the end of early data message from the client marking the - * end of early data reception. - */ -#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4 -#endif /* MBEDTLS_SSL_SRV_C */ - #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 72db821a6..c952add9b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1098,14 +1098,8 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_ALLOC_FAILED; } -#if defined(MBEDTLS_SSL_EARLY_DATA) -#if defined(MBEDTLS_SSL_SRV_C) - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0, - "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0"); -#endif - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0, - "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0"); - ssl->early_data_status = 0; +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; #endif /* Initialize structures */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4bdb7e7b8..8bd70ef02 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1780,8 +1780,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_EARLY_DATA) -static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, - int hrr_required) +static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl, + int hrr_required) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1789,22 +1789,19 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: no early data extension received.")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED; - return; + return 0; } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, feature disabled in server configuration.")); - return; + return 0; } if (hrr_required) { MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, HRR required.")); - return; + return 0; } if (!handshake->resume) { @@ -1813,7 +1810,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, resumption. */ MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, not a session resumption.")); - return; + return 0; } /* RFC 8446 4.2.10 @@ -1836,7 +1833,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, the selected key in " "`pre_shared_key` is not the first one.")); - return; + return 0; } if (handshake->ciphersuite_info->id != @@ -1844,7 +1841,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, the selected ciphersuite is not the one " "of the selected pre-shared key.")); - return; + return 0; } @@ -1853,11 +1850,10 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl, 1, ("EarlyData: rejected, early_data not allowed in ticket " "permission bits.")); - return; + return 0; } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - + return 1; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1889,10 +1885,10 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_EARLY_DATA) - /* There is enough information, update early data status. */ - ssl_tls13_update_early_data_status(ssl, hrr_required); + ssl->handshake->early_data_accepted = + ssl_tls13_is_early_data_accepted(ssl, hrr_required); - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->handshake->early_data_accepted) { ret = mbedtls_ssl_tls13_compute_early_transform(ssl); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( @@ -2541,7 +2537,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->handshake->early_data_accepted) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, 0, p, end, &output_len); if (ret != 0) { @@ -2868,7 +2864,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->handshake->early_data_accepted) { /* See RFC 8446 section A.2 for more information */ MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early keys for inbound traffic. " @@ -3015,9 +3011,6 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( ssl, buf, buf + buf_len)); - ssl->early_data_status = - MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED; - MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to handshake keys for inbound traffic" "( K_recv = handshake )")); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d26407e2d..12b048f38 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3768,8 +3768,7 @@ void tls13_early_data() &(server_ep.ssl), &(client_ep.ssl), MBEDTLS_SSL_CLIENT_FINISHED), 0); - TEST_EQUAL(server_ep.ssl.early_data_status, - MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1); TEST_EQUAL(server_pattern.counter, 1); exit: