Address comments base on reviews
Improve early data indication check
Update test case to gnutls server
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 4412f8e..9efbbbc 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -33,6 +33,11 @@
const char *mbedtls_ssl_states_str( mbedtls_ssl_states in );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+const char *mbedtls_ssl_ticket_flags_str( mbedtls_ssl_ticket_flags in );
+#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) &&
+ defined(MBEDTLS_SSL_SESSION_TICKETS) */
+
const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in );
const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in );
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 581e153..342cabb 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -991,13 +991,6 @@
} tls13_master_secrets;
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- int early_data; /*!< Early data indication:
- * 0 -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and
- * 1 -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data)
- */
-#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b539f8f..46c7c45 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -705,8 +705,8 @@
{
mbedtls_ssl_session *session = ssl->session_negotiate;
return( ssl->handshake->resume &&
- session != NULL && session->ticket != NULL &&
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+ ( session->ticket_flags & MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA ) &&
mbedtls_ssl_tls13_cipher_suite_is_offered(
ssl, session->ciphersuite ) );
}
@@ -1174,11 +1174,7 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
- ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- || ssl_tls13_early_data_has_valid_ticket( ssl )
-#endif
- ) &&
+ ssl_tls13_early_data_has_valid_ticket( ssl ) &&
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
{
ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
@@ -1186,15 +1182,14 @@
return( ret );
p += ext_len;
- ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON;
- /* Initializes the status to `rejected`. Changes it to `accepted`
+ /* Initializes the status to `indication sent`. Changes it to `accepted`
* when `early_data` is received in EncryptedExtesion. */
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
- ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -2543,6 +2538,13 @@
switch( extension_type )
{
+ case MBEDTLS_TLS_EXT_EARLY_DATA:
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
+ if( extension_data_len == 4 && ssl->session != NULL)
+ ssl->session->ticket_flags |=
+ MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA;
+ break;
+
default:
MBEDTLS_SSL_PRINT_EXT(
3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,