tls13: srv: Reject early data in case of HRR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 97ce5c2..6933d1a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1780,7 +1780,8 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
-static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
+static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
+ int hrr_required)
{
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1801,6 +1802,11 @@
return;
}
+ if (hrr_required) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, HRR required."));
+ return;
+ }
+
if (!handshake->resume) {
/* We currently support early data only in the case of PSKs established
via a NewSessionTicket message thus in the case of a session
@@ -1858,7 +1864,8 @@
/* Update the handshake state machine */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl)
+static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl,
+ int hrr_required)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1882,8 +1889,8 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- /* There is enough information, update early data state. */
- ssl_tls13_update_early_data_status(ssl);
+ /* There is enough information, update early data status. */
+ ssl_tls13_update_early_data_status(ssl, hrr_required);
if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
@@ -1893,6 +1900,8 @@
return ret;
}
}
+#else
+ ((void) hrr_required);
#endif /* MBEDTLS_SSL_EARLY_DATA */
return 0;
@@ -1947,7 +1956,9 @@
return 0;
}
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl));
+ MBEDTLS_SSL_PROC_CHK(
+ ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret ==
+ SSL_CLIENT_HELLO_HRR_REQUIRED));
if (SSL_CLIENT_HELLO_OK == parse_client_hello_ret) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);