tls13: srv: Do not use early_data_status

Due to the scope reduction for mbedtls_ssl_read_early_data(), on server as early data state variable we now only need a flag in the handshake context indicating if the server has accepted early data or not. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 18:30:31 +01:00 · 2024-02-01 18:30:31 +01:00 · 78a38f607c
commit 78a38f607c
parent 3b9034544e
5 changed files with 26 additions and 68 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1654,22 +1654,14 @@ struct mbedtls_ssl_context {
     */
    mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);

-#if defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
    /**
-     *  On client side, status of the negotiation of the use of early data.
+     *  Status of the negotiation of the use of early data.
     *  See the documentation of mbedtls_ssl_get_early_data_status() for more
     *  information.
     *
-     *  On server side, internal only, status of early data in the course of an
-     *  handshake. One of MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN,
-     *  #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED,
-     *  #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED,
-     *  MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED and
-     *  MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED.
-     *
-     *  Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or
-     *  MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, at the beginning of a new
-     *  handshake.
+     *  Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT when the context is
+     *  reset.
     */
    int MBEDTLS_PRIVATE(early_data_status);
 #endif
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -650,6 +650,10 @@ struct mbedtls_ssl_handshake_params {
    /* Flag indicating if a CertificateRequest message has been sent
     * to the client or not. */
    uint8_t certificate_request_sent;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    /* Flag indicating if the server has accepted early data or not. */
+    uint8_t early_data_accepted;
+#endif
 #endif /* MBEDTLS_SSL_SRV_C */

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@ -2130,30 +2134,6 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
                                           unsigned char *buf,
                                           const unsigned char *end,
                                           size_t *out_len);
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/* Additional internal early data status, server side only. */
-/*
- * The server has not received the ClientHello yet, the status of early data
- * is thus unknown.
- */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \
-    MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
-
-/*
- * The server has received the ClientHello, it contained no early data
- * extension.
- */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3
-
-/*
- * The server has received the early data extension, it has accepted early
- * data and received the end of early data message from the client marking the
- * end of early data reception.
- */
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4
-#endif /* MBEDTLS_SSL_SRV_C */
-
 #endif /* MBEDTLS_SSL_EARLY_DATA */

 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1098,14 +1098,8 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
    }

-#if defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_SRV_C)
-    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0,
-                          "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0");
-#endif
-    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0,
-                          "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0");
-    ssl->early_data_status = 0;
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
+    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
 #endif

    /* Initialize structures */
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1780,8 +1780,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 }

 #if defined(MBEDTLS_SSL_EARLY_DATA)
-static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
-                                               int hrr_required)
+static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl,
+                                            int hrr_required)
 {
    mbedtls_ssl_handshake_params *handshake = ssl->handshake;

@ -1789,22 +1789,19 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
         MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("EarlyData: no early data extension received."));
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
-        return;
+        return 0;
    }

-    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
-
    if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
        MBEDTLS_SSL_DEBUG_MSG(
            1,
            ("EarlyData: rejected, feature disabled in server configuration."));
-        return;
+        return 0;
    }

    if (hrr_required) {
        MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, HRR required."));
-        return;
+        return 0;
    }

    if (!handshake->resume) {
@ -1813,7 +1810,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
           resumption. */
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("EarlyData: rejected, not a session resumption."));
-        return;
+        return 0;
    }

    /* RFC 8446 4.2.10
@ -1836,7 +1833,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("EarlyData: rejected, the selected key in "
                "`pre_shared_key` is not the first one."));
-        return;
+        return 0;
    }

    if (handshake->ciphersuite_info->id !=
@ -1844,7 +1841,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("EarlyData: rejected, the selected ciphersuite is not the one "
                "of the selected pre-shared key."));
-        return;
+        return 0;

    }

@ -1853,11 +1850,10 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
            1,
            ("EarlyData: rejected, early_data not allowed in ticket "
             "permission bits."));
-        return;
+        return 0;
    }

-    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
-
+    return 1;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */

@ -1889,10 +1885,10 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl,
    }

 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    /* There is enough information, update early data status. */
-    ssl_tls13_update_early_data_status(ssl, hrr_required);
+    ssl->handshake->early_data_accepted =
+        ssl_tls13_is_early_data_accepted(ssl, hrr_required);

-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+    if (ssl->handshake->early_data_accepted) {
        ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
        if (ret != 0) {
            MBEDTLS_SSL_DEBUG_RET(
@ -2541,7 +2537,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_ALPN */

 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+    if (ssl->handshake->early_data_accepted) {
        ret = mbedtls_ssl_tls13_write_early_data_ext(
            ssl, 0, p, end, &output_len);
        if (ret != 0) {
@ -2868,7 +2864,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl)
    }

 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+    if (ssl->handshake->early_data_accepted) {
        /* See RFC 8446 section A.2 for more information */
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("Switch to early keys for inbound traffic. "
@ -3015,9 +3011,6 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl)
        MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data(
                                 ssl, buf, buf + buf_len));

-        ssl->early_data_status =
-            MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED;
-
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("Switch to handshake keys for inbound traffic"
                "( K_recv = handshake )"));
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -3768,8 +3768,7 @@ void tls13_early_data()
                   &(server_ep.ssl), &(client_ep.ssl),
                   MBEDTLS_SSL_CLIENT_FINISHED), 0);

-    TEST_EQUAL(server_ep.ssl.early_data_status,
-               MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);
+    TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1);
    TEST_EQUAL(server_pattern.counter, 1);

 exit: