commit 01d273d31f40402dce5ec47dc43782702ad5c5c3
author Ronald Cron <ronald.cron@arm.com> Fri Feb 09 16:17:10 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Fri Mar 01 09:29:16 2024 +0100
tree 5f2e7ac91acec5c978e97e330e262037364909cf
parent 919e596c05c14f7754655b970c5fab47824a2bd5

Enforce maximum size of early data in case of HRR

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 6c508d6..a8ff1c1 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4135,7 +4135,12 @@
         if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
             MBEDTLS_SSL_DEBUG_MSG(
                 3, ("EarlyData: Ignore application message before 2nd ClientHello"));
-            /* TODO: Add max_early_data_size check here, see issue 6347 */
+
+            ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
+            if (ret != 0) {
+                return ret;
+            }
+
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) {
             ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;