Skip to content

TLS 1.3: SRV: Implement mbedtls_ssl_read_early_data() #8692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
Feb 2, 2024
Merged

TLS 1.3: SRV: Implement mbedtls_ssl_read_early_data() #8692

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
149b0e7
ssl.h: Fix comment
ronald-cron-arm Jan 5, 2024
5d0ae90
tls13: srv: Refine early data status
ronald-cron-arm Jan 5, 2024
739a1d4
tls: Add internal function ssl_read_application_data()
yuhaoth Dec 8, 2022
6a5904d
tls13: srv: Move early data size check placeholder
yuhaoth Dec 6, 2023
032985c
Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code
yuhaoth Dec 6, 2023
3a04562
Update mbedtls_ssl_read_early_data() definition
ronald-cron-arm Jan 8, 2024
d9ca354
tls13: srv: Add mbedtls_ssl_read_early_data() API
yuhaoth Dec 6, 2023
192e0f9
ssl_server2: Add read early data support
yuhaoth Dec 16, 2022
579bd4d
Update early data test
yuhaoth Nov 16, 2023
7b6ee94
tls13: srv: Reject early data in case of HRR
ronald-cron-arm Jan 12, 2024
7d21cde
ssl.h: Simplify guard
ronald-cron-arm Jan 30, 2024
0883b8b
tls13: Introduce early_data_state SSL context field
ronald-cron-arm Jan 30, 2024
2c43089
ssl.h: Fix comments
ronald-cron-arm Jan 30, 2024
44d70a5
tls13: early data: Improve documentation
ronald-cron-arm Jan 30, 2024
ed7d4bf
tls13: srv: Simplify mbedtls_ssl_read_early_data() API
ronald-cron-arm Jan 31, 2024
164537c
tls13: early data: Improve, add comments
ronald-cron-arm Feb 1, 2024
3b90345
Revert "tls13: Introduce early_data_state SSL context field"
ronald-cron-arm Feb 1, 2024
78a38f6
tls13: srv: Do not use early_data_status
ronald-cron-arm Feb 1, 2024
38dbab9
tests: ssl: Adjust early data test
ronald-cron-arm Feb 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions include/mbedtls/ssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2074,7 +2074,8 @@ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
* namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
* mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code
* MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have
* been received. To read the early data, call mbedtls_ssl_read_early_data().
* been received. To read the early data, call mbedtls_ssl_read_early_data()
* before calling the original function again.
*
* \warning This interface is experimental and may change without notice.
*
Expand Down Expand Up @@ -5124,7 +5125,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
*
* \note This API is server specific.
*
* \note Early data is defined in the TLS 1.3 specification, RFC 8446.
* \warning Early data is defined in the TLS 1.3 specification, RFC 8446.
* IMPORTANT NOTE from section 2.3 of the specification:
*
* The security properties for 0-RTT data are weaker than
Expand Down
4 changes: 4 additions & 0 deletions library/ssl_msg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5873,6 +5873,10 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}

/*
* The server may receive early data only while waiting for the End of
* Early Data handshake message.
*/
if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) ||
(ssl->in_offt == NULL)) {
return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
Expand Down