tls13: srv: Add mbedtls_ssl_read_early_data() API
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index e769767..825ca8f 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5865,6 +5865,55 @@
return ret;
}
+
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA)
+int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
+ unsigned char *buf, size_t len)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const struct mbedtls_ssl_config *conf;
+ unsigned char *p = buf;
+
+ if (ssl == NULL || ((conf = ssl->conf) == NULL)) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) ||
+ (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+ (conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) {
+ return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
+ }
+
+ if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
+ return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
+ }
+
+ if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) &&
+ (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) {
+ return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
+ }
+
+ ret = mbedtls_ssl_handshake(ssl);
+ if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
+ if (ssl->in_offt == NULL) {
+ /* Set the reading pointer */
+ ssl->in_offt = ssl->in_msg;
+ }
+ ret = ssl_read_application_data(ssl, p, len);
+ } else if (ret == 0) {
+ /*
+ * If the handshake is completed, return immediately that early data
+ * cannot be read anymore. This potentially saves another call to this
+ * API and when the function returns 0, it only means that zero byte
+ * of early data has been received.
+ */
+ return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
+ }
+
+ return ret;
+}
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA */
+
/*
* Send application data to be encrypted by the SSL layer, taking care of max
* fragment length and buffer size.
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 3b560e7..97ce5c2 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2943,29 +2943,6 @@
return 0;
}
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
- return ret;
- }
-
- /*
- * Output early data
- *
- * For the time being, we print received data via debug message.
- *
- * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready.
- */
- ssl->in_msg[ssl->in_msglen] = 0;
- MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg));
-
- return 0;
-}
-
/*
* RFC 8446 section A.2
*
@@ -3039,7 +3016,8 @@
ssl_tls13_prepare_for_handshake_second_flight(ssl);
} else if (ret == SSL_GOT_EARLY_DATA) {
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl));
+ ret = MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA;
+ goto cleanup;
} else {
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;