commit ed7d4bfda589684c59aaadc14e4bfdba07f7cd3d
author Ronald Cron <ronald.cron@arm.com> Wed Jan 31 07:55:19 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Thu Feb 01 16:45:07 2024 +0100
tree d1828ab6c89b23448bb462fb8173ff39b996aa39
parent 44d70a5f2341b3664b8be81a37b94ee97773c4bc

tls13: srv: Simplify mbedtls_ssl_read_early_data() API

Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c6ba115..3547f67 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5865,54 +5865,20 @@
     return ret;
 }
 
-
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA)
 int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
                                 unsigned char *buf, size_t len)
 {
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const struct mbedtls_ssl_config *conf;
-    unsigned char *p = buf;
-
-    if (ssl == NULL || ((conf = ssl->conf) == NULL)) {
+    if (ssl == NULL || (ssl->conf == NULL)) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) ||
-        (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
-        (conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) {
+    if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) ||
+        (ssl->in_offt == NULL)) {
         return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
     }
 
-    if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
-        return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
-    }
-
-    if ((ssl->early_data_state.srv !=
-         MBEDTLS_SSL_SRV_EARLY_DATA_STATE_WAITING_CH) &&
-        (ssl->early_data_state.srv !=
-         MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING)) {
-        return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
-    }
-
-    ret = mbedtls_ssl_handshake(ssl);
-    if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
-        if (ssl->in_offt == NULL) {
-            /* Set the reading pointer */
-            ssl->in_offt = ssl->in_msg;
-        }
-        ret = ssl_read_application_data(ssl, p, len);
-    } else if (ret == 0) {
-        /*
-         * If the handshake is completed, return immediately that early data
-         * cannot be read anymore. This potentially saves another call to this
-         * API and when the function returns 0, it only means that zero byte
-         * of early data has been received.
-         */
-        return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
-    }
-
-    return ret;
+    return ssl_read_application_data(ssl, buf, len);
 }
 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA */