Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 3410c90..2b0e737 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -49,11 +49,6 @@
unsigned int flags);
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-const char *mbedtls_ssl_cli_early_data_state_str(enum mbedtls_ssl_cli_early_data_state in);
-const char *mbedtls_ssl_srv_early_data_state_str(enum mbedtls_ssl_srv_early_data_state in);
-#endif
-
#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask) \
mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \
hs_msg_type, extensions_mask, NULL)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2a488bb..9439408 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2130,6 +2130,30 @@
unsigned char *buf,
const unsigned char *end,
size_t *out_len);
+
+#if defined(MBEDTLS_SSL_SRV_C)
+/* Additional internal early data status, server side only. */
+/*
+ * The server has not received the ClientHello yet, the status of early data
+ * is thus unknown.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN \
+ MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
+
+/*
+ * The server has received the ClientHello, it contained no early data
+ * extension.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED 3
+
+/*
+ * The server has received the early data extension, it has accepted early
+ * data and received the end of early data message from the client marking the
+ * end of early data reception.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED 4
+#endif /* MBEDTLS_SSL_SRV_C */
+
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 50a8cd2..72db821 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1099,7 +1099,13 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- ssl->early_data_state.cli = 0;
+#if defined(MBEDTLS_SSL_SRV_C)
+ MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN == 0,
+ "MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN not equal to 0");
+#endif
+ MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT == 0,
+ "MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT not equal to 0");
+ ssl->early_data_status = 0;
#endif
/* Initialize structures */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 94bbfe8..76f0f18 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1195,10 +1195,10 @@
* `accepted` if the EncryptedExtension message contain an early data
* indication extension.
*/
- ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
} else {
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension"));
- ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1235,7 +1235,7 @@
size_t psk_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) {
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Set hs psk for early data when writing the first psk"));
@@ -1916,7 +1916,7 @@
* cases we compute it here.
*/
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_NOT_SENT ||
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT ||
handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL)
#endif
@@ -2228,7 +2228,7 @@
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
- ssl->early_data_state.cli = MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
}
#endif
@@ -2565,9 +2565,9 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_ACCEPTED) {
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
- } else if (ssl->early_data_state.cli == MBEDTLS_SSL_CLI_EARLY_DATA_STATE_REJECTED) {
+ } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
} else
#endif /* MBEDTLS_SSL_EARLY_DATA */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5b90dd5..4bdb7e7 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1780,8 +1780,8 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
-static void ssl_tls13_update_early_data_state(mbedtls_ssl_context *ssl,
- int hrr_required)
+static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl,
+ int hrr_required)
{
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1789,11 +1789,11 @@
MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: no early data extension received."));
- ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_NOT_RECEIVED;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
return;
}
- ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_REJECTED;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
MBEDTLS_SSL_DEBUG_MSG(
@@ -1856,7 +1856,7 @@
return;
}
- ssl->early_data_state.srv = MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1890,9 +1890,9 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
/* There is enough information, update early data status. */
- ssl_tls13_update_early_data_state(ssl, hrr_required);
+ ssl_tls13_update_early_data_status(ssl, hrr_required);
- if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) {
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(
@@ -2541,7 +2541,7 @@
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) {
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
ret = mbedtls_ssl_tls13_write_early_data_ext(
ssl, 0, p, end, &output_len);
if (ret != 0) {
@@ -2868,7 +2868,7 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_state.srv == MBEDTLS_SSL_SRV_EARLY_DATA_STATE_ACCEPTING) {
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
/* See RFC 8446 section A.2 for more information */
MBEDTLS_SSL_DEBUG_MSG(
1, ("Switch to early keys for inbound traffic. "
@@ -3015,8 +3015,8 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data(
ssl, buf, buf + buf_len));
- ssl->early_data_state.srv =
- MBEDTLS_SSL_SRV_EARLY_DATA_STATE_EOED_RECEIVED;
+ ssl->early_data_status =
+ MBEDTLS_SSL_EARLY_DATA_STATUS_END_OF_EARLY_DATA_RECEIVED;
MBEDTLS_SSL_DEBUG_MSG(
1, ("Switch to handshake keys for inbound traffic"