From 164537c4a65b66dcd57a0a2e074304c5ffb9cf03 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Feb 2024 18:05:47 +0100 Subject: [PATCH] tls13: early data: Improve, add comments Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 5 +++-- library/ssl_msg.c | 4 ++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5644f08c84..2aae32ea20 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2074,7 +2074,8 @@ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); * namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), * mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code * MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have - * been received. To read the early data, call mbedtls_ssl_read_early_data(). + * been received. To read the early data, call mbedtls_ssl_read_early_data() + * before calling the original function again. * * \warning This interface is experimental and may change without notice. * @@ -5124,7 +5125,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); * * \note This API is server specific. * - * \note Early data is defined in the TLS 1.3 specification, RFC 8446. + * \warning Early data is defined in the TLS 1.3 specification, RFC 8446. * IMPORTANT NOTE from section 2.3 of the specification: * * The security properties for 0-RTT data are weaker than diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3547f67989..20501c940a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5873,6 +5873,10 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } + /* + * The server may receive early data only while waiting for the End of + * Early Data handshake message. + */ if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) || (ssl->in_offt == NULL)) { return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;