From 70fbdcf904605fd1a53c4f6e5ff7415a753ee458 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 4 Dec 2023 08:46:02 +0000 Subject: [PATCH 01/17] Change early data flag to input file Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 83 +++++++++++++++++++++++++------ tests/opt-testcases/tls13-misc.sh | 4 +- 2 files changed, 70 insertions(+), 17 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f6a6bb6d9..ecf225688 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -52,7 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" -#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED +#define DFL_EARLY_DATA_FILE "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL @@ -347,8 +347,9 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%d default: 0 (disabled)\n" \ - " options: 0 (disabled), 1 (enabled)\n" + " early_data=%%s The file path to read early data from\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -543,7 +544,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* support for early data */ + const char *early_data_file; /* the file path of early data */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -716,6 +717,46 @@ exit: return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + +#define MBEDTLS_ERR_EARLY_FILE_IO_ERROR -2 + +int ssl_early_data_read_file(const char *path, unsigned char **buffer, size_t *length) +{ + FILE *f; + long size; + + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + } + + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + } + fseek(f, 0, SEEK_SET); + + *length = (size_t) size; + if (*length + 1 == 0 || + (*buffer = mbedtls_calloc(1, *length + 1)) == NULL) { + fclose(f); + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + if (fread(*buffer, 1, *length, f) != *length) { + fclose(f); + return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + } + + fclose(f); + + (*buffer)[*length] = '\0'; + + return 0; +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -741,6 +782,10 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + unsigned char *early_data = NULL; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -912,7 +957,7 @@ int main(int argc, char *argv[]) opt.groups = DFL_GROUPS; opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data = DFL_EARLY_DATA; + opt.early_data_file = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1196,15 +1241,7 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - switch (atoi(q)) { - case 0: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - case 1: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - break; - default: goto usage; - } + opt.early_data_file = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1971,7 +2008,16 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&conf, opt.early_data); + int early_data_enabled = 0; + size_t early_data_len; + if (strlen(opt.early_data_file) > 0 && + ssl_early_data_read_file(opt.early_data_file, + &early_data, &early_data_len) == 0) { + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + } else { + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; + } + mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { @@ -3029,6 +3075,13 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ssl_session_free(&saved_session); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (early_data != NULL) { + mbedtls_platform_zeroize(early_data, early_data_len); + } + mbedtls_free(early_data); +#endif + if (session_data != NULL) { mbedtls_platform_zeroize(session_data, session_data_len); } diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index f03a386a0..cf8aa745a 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ From 6c678d7543d47a2e1ba0a69e98b5ffd1b7020bf6 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 02:20:51 +0000 Subject: [PATCH 02/17] Improve the comments of early data input Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ecf225688..64d2a1e39 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -348,8 +348,8 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ " early_data=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -544,7 +544,8 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data_file; /* the file path of early data */ + const char *early_data_file; /* the path of the file containing the + * early data to send */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ From b1db72923e1b9c08bcb19b526ad142f8340fdc2c Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 02:33:38 +0000 Subject: [PATCH 03/17] Rename the generic read functions to ssl_read_file_text Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 64d2a1e39..d4ca4d824 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -720,21 +720,22 @@ exit: #if defined(MBEDTLS_SSL_EARLY_DATA) -#define MBEDTLS_ERR_EARLY_FILE_IO_ERROR -2 +#define MBEDTLS_ERR_FILE_IO_ERROR -2 -int ssl_early_data_read_file(const char *path, unsigned char **buffer, size_t *length) +static int ssl_read_file_text(const char *path, + unsigned char **buffer, size_t *length) { FILE *f; long size; if ((f = fopen(path, "rb")) == NULL) { - return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + return MBEDTLS_ERR_FILE_IO_ERROR; } fseek(f, 0, SEEK_END); if ((size = ftell(f)) == -1) { fclose(f); - return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + return MBEDTLS_ERR_FILE_IO_ERROR; } fseek(f, 0, SEEK_SET); @@ -747,7 +748,7 @@ int ssl_early_data_read_file(const char *path, unsigned char **buffer, size_t *l if (fread(*buffer, 1, *length, f) != *length) { fclose(f); - return MBEDTLS_ERR_EARLY_FILE_IO_ERROR; + return MBEDTLS_ERR_FILE_IO_ERROR; } fclose(f); From eaebedb30b3810ff4dde12395d396a92740c847b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 02:55:16 +0000 Subject: [PATCH 04/17] Refine the detect code to enable early data or not Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d4ca4d824..848fa123d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2010,14 +2010,12 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data_enabled = 0; + int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; size_t early_data_len; if (strlen(opt.early_data_file) > 0 && - ssl_early_data_read_file(opt.early_data_file, - &early_data, &early_data_len) == 0) { + ssl_read_file_text(opt.early_data_file, + &early_data, &early_data_len) == 0) { early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; - } else { - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; } mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ From f8fe11d14d5cfbfbd16589fc44aa974757b7db11 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 07:40:50 +0000 Subject: [PATCH 05/17] Remove the generic file read functions and simply the early data read Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 67 ++++++++------------------------------ 1 file changed, 14 insertions(+), 53 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 848fa123d..297da65b2 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -718,47 +718,6 @@ exit: return ret; } -#if defined(MBEDTLS_SSL_EARLY_DATA) - -#define MBEDTLS_ERR_FILE_IO_ERROR -2 - -static int ssl_read_file_text(const char *path, - unsigned char **buffer, size_t *length) -{ - FILE *f; - long size; - - if ((f = fopen(path, "rb")) == NULL) { - return MBEDTLS_ERR_FILE_IO_ERROR; - } - - fseek(f, 0, SEEK_END); - if ((size = ftell(f)) == -1) { - fclose(f); - return MBEDTLS_ERR_FILE_IO_ERROR; - } - fseek(f, 0, SEEK_SET); - - *length = (size_t) size; - if (*length + 1 == 0 || - (*buffer = mbedtls_calloc(1, *length + 1)) == NULL) { - fclose(f); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - if (fread(*buffer, 1, *length, f) != *length) { - fclose(f); - return MBEDTLS_ERR_FILE_IO_ERROR; - } - - fclose(f); - - (*buffer)[*length] = '\0'; - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -784,10 +743,6 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif -#if defined(MBEDTLS_SSL_EARLY_DATA) - unsigned char *early_data = NULL; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -2011,11 +1966,18 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - size_t early_data_len; - if (strlen(opt.early_data_file) > 0 && - ssl_read_file_text(opt.early_data_file, - &early_data, &early_data_len) == 0) { - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + FILE *early_data_fp = NULL; + size_t early_data_len = 0; + if (strlen(opt.early_data_file) > 0) { + if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data_file); + goto exit; + } + early_data_len = fread(buf, 1, sizeof(buf), early_data_fp); + if (early_data_len > 0) { + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + } } mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3076,10 +3038,9 @@ exit: mbedtls_ssl_session_free(&saved_session); #if defined(MBEDTLS_SSL_EARLY_DATA) - if (early_data != NULL) { - mbedtls_platform_zeroize(early_data, early_data_len); + if (early_data_fp != NULL) { + fclose(early_data_fp); } - mbedtls_free(early_data); #endif if (session_data != NULL) { From 611c717c02751b07870f482fcfd415ec38371f60 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 09:24:58 +0000 Subject: [PATCH 06/17] Sync the early_data option with internal parameters in ssl_client2 Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 297da65b2..69f9d5131 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -544,8 +544,8 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data_file; /* the path of the file containing the - * early data to send */ + const char *early_data; /* the path of the file containing the + * early data to send */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -914,7 +914,7 @@ int main(int argc, char *argv[]) opt.groups = DFL_GROUPS; opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data_file = DFL_EARLY_DATA_FILE; + opt.early_data = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1198,7 +1198,7 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - opt.early_data_file = q; + opt.early_data = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1968,10 +1968,10 @@ usage: int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; FILE *early_data_fp = NULL; size_t early_data_len = 0; - if (strlen(opt.early_data_file) > 0) { - if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + if (strlen(opt.early_data) > 0) { + if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data_file); + opt.early_data); goto exit; } early_data_len = fread(buf, 1, sizeof(buf), early_data_fp); From ae952174a7f211238980c7cbc4afd3f92c7031d3 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 6 Dec 2023 10:27:27 +0000 Subject: [PATCH 07/17] Enable early data depend on whether the early data file exist Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 69f9d5131..ceffb2f3d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1967,17 +1967,13 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; FILE *early_data_fp = NULL; - size_t early_data_len = 0; if (strlen(opt.early_data) > 0) { if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", opt.early_data); goto exit; } - early_data_len = fread(buf, 1, sizeof(buf), early_data_fp); - if (early_data_len > 0) { - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; - } + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; } mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ From 57db59058635e620fdda31b5bd20e99eb5fb81df Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 03:29:22 +0000 Subject: [PATCH 08/17] Rework to revert the early_data enabled flag We have two options for early data. early_data to indicate early data enable or not. early_data_file to provide path file to read early data from Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 44 ++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ceffb2f3d..02004c3f7 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -52,6 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" +#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED #define DFL_EARLY_DATA_FILE "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" @@ -347,9 +348,11 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " early_data=%%d default: 0 (disabled)\n" \ + " options: 0 (disabled), 1 (enabled)\n" \ + " early_data_file=%%s The file path to read early data from\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -544,8 +547,8 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data; /* the path of the file containing the - * early data to send */ + int early_data; /* support for early data */ + const char *early_data_file; /* the path of the file to read early data from */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -743,6 +746,10 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + FILE *early_data_fp = NULL; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -914,7 +921,8 @@ int main(int argc, char *argv[]) opt.groups = DFL_GROUPS; opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data = DFL_EARLY_DATA_FILE; + opt.early_data = DFL_EARLY_DATA; + opt.early_data_file = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1198,7 +1206,17 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - opt.early_data = q; + switch (atoi(q)) { + case 0: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + case 1: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + break; + default: goto usage; + } + } else if (strcmp(p, "early_data_file") == 0) { + opt.early_data_file = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1965,17 +1983,7 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - FILE *early_data_fp = NULL; - if (strlen(opt.early_data) > 0) { - if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data); - goto exit; - } - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; - } - mbedtls_ssl_conf_early_data(&conf, early_data_enabled); + mbedtls_ssl_conf_early_data(&conf, opt.early_data); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { From 2a8035b49506a888bd4edc1891a27b51c920105f Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 03:54:40 +0000 Subject: [PATCH 09/17] Add read early data code Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 02004c3f7..85ba831f4 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3007,6 +3007,22 @@ reconnect: (unsigned int) -ret); goto exit; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (opt.early_data == MBEDTLS_SSL_EARLY_DATA_ENABLED + && strlen(opt.early_data) > 0) { + if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data); + goto exit; + } + + /* TODO: read the early data from early_data_fp in chunks, and call + * mbedtls_ssl_write_early_data() to initial the handshake and send + * out the early data. Then finish the handshake. + */ + + } +#endif while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && From dd8a7f8acfe8997e3b6d37bbdefc88ce8ac145db Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 03:58:05 +0000 Subject: [PATCH 10/17] Revert the early data test case Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index cf8aa745a..f03a386a0 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ From 35c026c09eb5cf91b070ca7d34ca298a72986464 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 06:10:34 +0000 Subject: [PATCH 11/17] Read early data file Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 85ba831f4..cdc43522b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3007,21 +3007,24 @@ reconnect: (unsigned int) -ret); goto exit; } -#if defined(MBEDTLS_SSL_EARLY_DATA) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA) if (opt.early_data == MBEDTLS_SSL_EARLY_DATA_ENABLED - && strlen(opt.early_data) > 0) { + && strlen(opt.early_data_file) > 0) { if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data); + opt.early_data_file); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; } + mbedtls_printf("Read early data successfully..."); + /* TODO: read the early data from early_data_fp in chunks, and call * mbedtls_ssl_write_early_data() to initial the handshake and send * out the early data. Then finish the handshake. */ - } + } else #endif while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { From 864c62a906b4df17e1db10156ca225067c530229 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 06:11:38 +0000 Subject: [PATCH 12/17] Add one test case with early_data_file Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index f03a386a0..a98cfa05a 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -295,6 +295,32 @@ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ -C "EncryptedExtensions: early_data(42) extension received." \ -C "EncryptedExtensions: early_data(42) extension exists." +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->G: EarlyData: write early data, fallback, good" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ + --earlydata --maxearlydata 16384 --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + 0 \ + -c "received max_early_data_size: 16384" \ + -c "Reconnecting with saved session" \ + -c "Read early data successfully..." \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension exists." \ + -c "<= write EndOfEarlyData" \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "END OF EARLY DATA (5) was received." \ + -s "early data accepted" + #TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test requires_openssl_tls1_3 From daddfb520d5b9113b5c73dc10c435817abe2287b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 08:14:30 +0000 Subject: [PATCH 13/17] Open the file once read in the file path Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cdc43522b..dfae74549 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1217,6 +1217,12 @@ usage: } } else if (strcmp(p, "early_data_file") == 0) { opt.early_data_file = q; + if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data_file); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3007,25 +3013,6 @@ reconnect: (unsigned int) -ret); goto exit; } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA) - if (opt.early_data == MBEDTLS_SSL_EARLY_DATA_ENABLED - && strlen(opt.early_data_file) > 0) { - if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data_file); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto exit; - } - - mbedtls_printf("Read early data successfully..."); - - /* TODO: read the early data from early_data_fp in chunks, and call - * mbedtls_ssl_write_early_data() to initial the handshake and send - * out the early data. Then finish the handshake. - */ - - } else -#endif while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && From 963468035dc857c121899f1f83856b3c0b96ae82 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 09:19:43 +0000 Subject: [PATCH 14/17] Add the test framework of early data Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index dfae74549..c15a75dcf 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -34,6 +34,10 @@ int main(void) #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" + +/* the max record size of TLS 1.3 is 2^14 */ +#define MAX_EARLY_DATA_CHUNK_SIZE 16384 + #define DFL_SERVER_NAME "localhost" #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" @@ -721,6 +725,29 @@ exit: return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) +int ssl_write_early_data(mbedtls_ssl_context *ssl, FILE *fp, + int *early_data_written) +{ + + /* TODO: Will add code of calling mbedtls_ssl_write_early_data() + * to write real early data. + */ + unsigned char early_data_buf[MAX_EARLY_DATA_CHUNK_SIZE]; + unsigned char *p_early_data_start = &early_data_buf[0]; + unsigned char *p_early_data_end = p_early_data_start + + MAX_EARLY_DATA_CHUNK_SIZE; + ((void) fp); + ((void) early_data_buf); + ((void) p_early_data_start); + ((void) p_early_data_end); + ((void) early_data_written); + + return mbedtls_ssl_handshake(ssl); + +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -3014,7 +3041,14 @@ reconnect: goto exit; } +#if defined(MBEDTLS_SSL_EARLY_DATA) + + int early_data_written = 0; + while ((ret = ssl_write_early_data(&ssl, early_data_fp, + &early_data_written)) != 0) { +#else while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { +#endif if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { From dce183f2e2eae9e1910f2d1316a62dbcb2e46946 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 7 Dec 2023 09:22:38 +0000 Subject: [PATCH 15/17] Remove the duplicate cases and add early_data_file option Signed-off-by: Xiaokang Qian --- tests/opt-testcases/tls13-misc.sh | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index a98cfa05a..2fe81141c 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -295,32 +295,6 @@ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ -C "EncryptedExtensions: early_data(42) extension received." \ -C "EncryptedExtensions: early_data(42) extension exists." -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_EARLY_DATA -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: EarlyData: write early data, fallback, good" \ - "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ - --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ - 0 \ - -c "received max_early_data_size: 16384" \ - -c "Reconnecting with saved session" \ - -c "Read early data successfully..." \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension exists." \ - -c "<= write EndOfEarlyData" \ - -s "Parsing extension 'Early Data/42' (0 bytes)" \ - -s "Sending extension Early Data/42 (0 bytes)" \ - -s "END OF EARLY DATA (5) was received." \ - -s "early data accepted" - #TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test requires_openssl_tls1_3 From aedfc0932b086e626948e3adbafb91afcb65a682 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 8 Dec 2023 10:42:08 +0000 Subject: [PATCH 16/17] Revert to ae952174a7 and addressing some comments Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 83 +++++++------------------------ tests/opt-testcases/tls13-misc.sh | 4 +- 2 files changed, 19 insertions(+), 68 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c15a75dcf..d2f47ff06 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -34,10 +34,6 @@ int main(void) #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" - -/* the max record size of TLS 1.3 is 2^14 */ -#define MAX_EARLY_DATA_CHUNK_SIZE 16384 - #define DFL_SERVER_NAME "localhost" #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" @@ -56,8 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" -#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED -#define DFL_EARLY_DATA_FILE "" +#define DFL_EARLY_DATA "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL @@ -352,11 +347,9 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%d default: 0 (disabled)\n" \ - " options: 0 (disabled), 1 (enabled)\n" \ - " early_data_file=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " early_data=%%s The file path to read early data from\n" \ + " default: \"\" (do nothing)\n" \ + " option: a file path\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -551,8 +544,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* support for early data */ - const char *early_data_file; /* the path of the file to read early data from */ + const char *early_data; /* the path of the file to read early data from */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -725,29 +717,6 @@ exit: return ret; } -#if defined(MBEDTLS_SSL_EARLY_DATA) -int ssl_write_early_data(mbedtls_ssl_context *ssl, FILE *fp, - int *early_data_written) -{ - - /* TODO: Will add code of calling mbedtls_ssl_write_early_data() - * to write real early data. - */ - unsigned char early_data_buf[MAX_EARLY_DATA_CHUNK_SIZE]; - unsigned char *p_early_data_start = &early_data_buf[0]; - unsigned char *p_early_data_end = p_early_data_start + - MAX_EARLY_DATA_CHUNK_SIZE; - ((void) fp); - ((void) early_data_buf); - ((void) p_early_data_start); - ((void) p_early_data_end); - ((void) early_data_written); - - return mbedtls_ssl_handshake(ssl); - -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - int main(int argc, char *argv[]) { int ret = 0, len, tail_len, i, written, frags, retry_left; @@ -773,10 +742,6 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif -#if defined(MBEDTLS_SSL_EARLY_DATA) - FILE *early_data_fp = NULL; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -949,7 +914,6 @@ int main(int argc, char *argv[]) opt.sig_algs = DFL_SIG_ALGS; #if defined(MBEDTLS_SSL_EARLY_DATA) opt.early_data = DFL_EARLY_DATA; - opt.early_data_file = DFL_EARLY_DATA_FILE; #endif opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; @@ -1233,23 +1197,7 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - switch (atoi(q)) { - case 0: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - case 1: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - break; - default: goto usage; - } - } else if (strcmp(p, "early_data_file") == 0) { - opt.early_data_file = q; - if ((early_data_fp = fopen(opt.early_data_file, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data_file); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto exit; - } + opt.early_data = q; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2016,7 +1964,17 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&conf, opt.early_data); + int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; + FILE *early_data_fp = NULL; + if (strlen(opt.early_data) > 0) { + if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { + mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", + opt.early_data); + goto exit; + } + early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + } + mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { @@ -3041,14 +2999,7 @@ reconnect: goto exit; } -#if defined(MBEDTLS_SSL_EARLY_DATA) - - int early_data_written = 0; - while ((ret = ssl_write_early_data(&ssl, early_data_fp, - &early_data_written)) != 0) { -#else while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { -#endif if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 2fe81141c..cf8aa745a 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 early_data_file=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ From a9581d2d5f83ef6b8d984ca997055b5310746911 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 11 Dec 2023 01:50:34 +0000 Subject: [PATCH 17/17] Fix CI failure of uninitialized fp Signed-off-by: Xiaokang Qian --- programs/ssl/ssl_client2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d2f47ff06..1b3dedb22 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -742,6 +742,10 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif +#if defined(MBEDTLS_SSL_EARLY_DATA) + FILE *early_data_fp = NULL; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -1965,7 +1969,6 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - FILE *early_data_fp = NULL; if (strlen(opt.early_data) > 0) { if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n",