commit d2884662c13484d7392997cf2a8673699cc704cb
author Ronald Cron <ronald.cron@arm.com> Sun Mar 03 15:03:22 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Tue Mar 12 17:48:15 2024 +0100
tree aee55a7e73b2461648d275801890ba52db4b8605
parent ec4ed8eae4645f71a475b9eb8a3e1ec299e1a3a5

tls13: cli: Split early data user status and internal state

Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 88d6c9e..8234e9a 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1181,12 +1181,12 @@
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     /* In the first ClientHello, write the early data indication extension if
-     * necessary and update the early data status.
+     * necessary and update the early data state.
      * If an HRR has been received and thus we are currently writing the
      * second ClientHello, the second ClientHello must not contain an early
-     * data extension and the early data status must stay as it is:
-     * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or
-     * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED.
+     * data extension and the early data state must stay as it is:
+     * MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT or
+     * MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED.
      */
     if (!ssl->handshake->hello_retry_request_flag) {
         if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
@@ -1199,9 +1199,9 @@
             }
             p += ext_len;
 
-            ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SENT;
+            ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SENT;
         } else {
-            ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
+            ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT;
         }
     }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1239,7 +1239,7 @@
     size_t psk_len;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) {
+    if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT) {
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Set hs psk for early data when writing the first psk"));
 
@@ -1302,7 +1302,7 @@
             1, ("Switch to early data keys for outbound traffic"));
         mbedtls_ssl_set_outbound_transform(
             ssl, ssl->handshake->transform_earlydata);
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE;
+        ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE;
 #endif
     }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1919,7 +1919,7 @@
      * cases we compute it here.
      */
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT ||
+    if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT ||
         handshake->key_exchange_mode ==
         MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL)
 #endif
@@ -1975,8 +1975,8 @@
     ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id;
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+    if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT) {
+        ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED;
     }
 #endif
 
@@ -2238,9 +2238,9 @@
             return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
-    } else if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+        ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED;
+    } else if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT) {
+        ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED;
     }
 #endif
 
@@ -2324,16 +2324,16 @@
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    switch (ssl->early_data_status) {
-        case MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT:
+    switch (ssl->early_data_state) {
+        case MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT:
             return MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
             break;
 
-        case MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED:
+        case MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED:
             return MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
             break;
 
-        case MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED:
+        case MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED:
             return MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
             break;
 
@@ -2604,8 +2604,8 @@
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED;
+    if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED) {
+        ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED;
         mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
     } else
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -3123,7 +3123,7 @@
                     1, ("Switch to early data keys for outbound traffic"));
                 mbedtls_ssl_set_outbound_transform(
                     ssl, ssl->handshake->transform_earlydata);
-                ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE;
+                ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE;
             }
             break;
 #endif /* MBEDTLS_SSL_EARLY_DATA */