TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5d0ae9021f28e317cfe7a2a10852dacb163c5872^! / . / library
commit5d0ae9021f28e317cfe7a2a10852dacb163c5872[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Fri Jan 05 14:20:35 2024 +0100
committerRonald Cron <ronald.cron@arm.com>Thu Feb 01 16:40:47 2024 +0100
tree72697c8c45cd1c7db20a9d6a93bfc6a9624e59b8
parent149b0e7ca2e19bbc2d0aff72615e7727fdbd844c [diff]
tls13: srv: Refine early data status

The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 96afe76..9439408 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -2132,8 +2132,26 @@
                                            size_t *out_len);
 
 #if defined(MBEDTLS_SSL_SRV_C)
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \
+/* Additional internal early data status, server side only. */
+/*
+ * The server has not received the ClientHello yet, the status of early data
+ * is thus unknown.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \
     MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
+
+/*
+ * The server has received the ClientHello, it contained no early data
+ * extension.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3
+
+/*
+ * The server has received the early data extension, it has accepted early
+ * data and received the end of early data message from the client marking the
+ * end of early data reception.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #endif /* MBEDTLS_SSL_EARLY_DATA */

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0bc18f1..72db821 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1098,6 +1098,16 @@
         return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_SRV_C)
+    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0,
+                          "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0");
+#endif
+    MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0,
+                          "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0");
+    ssl->early_data_status = 0;
+#endif
+
     /* Initialize structures */
     mbedtls_ssl_session_init(ssl->session_negotiate);
     ssl_handshake_params_init(ssl->handshake);

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 904bb5b..ff501c8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -3024,6 +3024,9 @@
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data(
                                  ssl, buf, buf + buf_len));
 
+        ssl->early_data_status =
+            MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED;
+
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Switch to handshake keys for inbound traffic"
                 "( K_recv = handshake )"));