commit 01d273d31f40402dce5ec47dc43782702ad5c5c3
author Ronald Cron <ronald.cron@arm.com> Fri Feb 09 16:17:10 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Fri Mar 01 09:29:16 2024 +0100
tree 5f2e7ac91acec5c978e97e330e262037364909cf
parent 919e596c05c14f7754655b970c5fab47824a2bd5

Enforce maximum size of early data in case of HRR

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 6c508d6..a8ff1c1 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4135,7 +4135,12 @@
         if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
             MBEDTLS_SSL_DEBUG_MSG(
                 3, ("EarlyData: Ignore application message before 2nd ClientHello"));
-            /* TODO: Add max_early_data_size check here, see issue 6347 */
+
+            ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
+            if (ret != 0) {
+                return ret;
+            }
+
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) {
             ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;

tests/suites/test_suite_ssl.data

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 6fb3d83..03de4a9 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3327,3 +3327,12 @@
 
 TLS 1.3 srv, max early data size, server rejects, max=97
 tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:97
+
+TLS 1.3 srv, max early data size, HRR, default
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1
+
+TLS 1.3 srv, max early data size, HRR, max=3 (very small)
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3
+
+TLS 1.3 srv, max early data size, HRR, max=97
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97

tests/suites/test_suite_ssl.function

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 0c1d606..fc1bc3e 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4463,6 +4463,11 @@
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
     mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
+    uint16_t group_list[3] = {
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+    };
     char pattern[128];
     unsigned char buf_write[64];
     size_t early_data_len = sizeof(buf_write);
@@ -4484,8 +4489,10 @@
      */
 
     client_options.pk_alg = MBEDTLS_PK_ECDSA;
+    client_options.group_list = group_list;
     client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
     server_options.pk_alg = MBEDTLS_PK_ECDSA;
+    server_options.group_list = group_list;
     server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
     server_options.max_early_data_size = max_early_data_size_arg;
 
@@ -4512,6 +4519,15 @@
             mbedtls_debug_set_threshold(3);
             break;
 
+        case TEST_EARLY_DATA_HRR:
+            server_options.group_list = group_list + 1;
+            ret = mbedtls_snprintf(
+                pattern, sizeof(pattern),
+                "EarlyData: Ignore application message before 2nd ClientHello");
+            TEST_ASSERT(ret < (int) sizeof(pattern));
+            mbedtls_debug_set_threshold(3);
+            break;
+
         default:
             TEST_FAIL("Unknown scenario.");
     }
@@ -4595,7 +4611,8 @@
                 }
                 break;
 
-            case TEST_EARLY_DATA_SERVER_REJECTS:
+            case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+            case TEST_EARLY_DATA_HRR:
                 ret = mbedtls_ssl_handshake(&(server_ep.ssl));
                 /*
                  * Can be the case if max_early_data_size is smaller then the