commit 85718043820d3dd9bd8922e269332430278b820c
author Ronald Cron <ronald.cron@arm.com> Thu Feb 22 10:22:09 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Fri Mar 01 09:29:09 2024 +0100
tree 34a4519ba08dc015391f69bdf999af7259f4465e
parent c2865197478cddf22572c774481fb90db2c2f461

tls13: srv: Enforce maximum size of early data

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2391915..449fa38 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2913,17 +2913,14 @@
     }
 
     if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
-        MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data"));
-        /* RFC 8446 section 4.6.1
-         *
-         * A server receiving more than max_early_data_size bytes of 0-RTT data
-         * SHOULD terminate the connection with an "unexpected_message" alert.
-         *
-         * TODO: Add received data size check here.
-         */
         if (ssl->in_offt == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data"));
             /* Set the reading pointer */
             ssl->in_offt = ssl->in_msg;
+            ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen);
+            if (ret != 0) {
+                return ret;
+            }
         }
         return SSL_GOT_EARLY_DATA;
     }