diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b3f73518af..f86bc4270f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -756,9 +756,10 @@ typedef enum {
 MBEDTLS_SSL_EARLY_DATA_STATE_IDLE,
 /*
- * The client has not indicated the use of early data to the server.
+ * In its ClientHello, the client has not included an early data indication
+ * extension.
 */
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT,
 /*
 * The client has indicated the use of early data and the server has accepted
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index d9b4ff282e..221b05de0f 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1185,7 +1185,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
 * If an HRR has been received and thus we are currently writing the
 * second ClientHello, the second ClientHello must not contain an early
 * data extension and the early data state must stay as it is:
- * MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT or
+ * MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT or
 * MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED.
 */
 if (!ssl->handshake->hello_retry_request_flag) {
@@ -1201,7 +1201,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SENT;
 } else {
- ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT;
 }
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1919,7 +1919,7 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
 * cases we compute it here.
 */
 #if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT ||
+ if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT ||
 handshake->key_exchange_mode ==
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL)
 #endif
@@ -1975,7 +1975,7 @@ static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl)
 ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id;
 #if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT) {
+ if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) {
 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED;
 }
 #endif
@@ -2239,7 +2239,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
 }
 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED;
- } else if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT) {
+ } else if (ssl->early_data_state !=
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) {
 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED;
 }
 #endif
@@ -2325,7 +2326,7 @@ int mbedtls_ssl_get_early_data_status(mbedtls_ssl_context *ssl)
 }
 switch (ssl->early_data_state) {
- case MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT:
+ case MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT:
 return MBEDTLS_SSL_EARLY_DATA_STATUS_NO_IND_SENT;
 break;
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 22bd09f9b3..dc7f7c27e5 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3739,7 +3739,7 @@ void tls13_read_early_data(int scenario)
 early_data_len);
 if (client_ep.ssl.early_data_state !=
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT) {
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) {
 TEST_EQUAL(ret, early_data_len);
 } else {
 TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
@@ -3932,7 +3932,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_HRR:
@@ -3960,7 +3960,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_HRR:
@@ -3982,7 +3982,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
@@ -4011,7 +4011,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
@@ -4034,7 +4034,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
@@ -4073,7 +4073,7 @@ void tls13_cli_early_data_state(int scenario)
 switch (scenario) {
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
@@ -4099,7 +4099,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_NO_INDICATION_SENT:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 break;
 case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
@@ -4781,7 +4781,7 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in
 MBEDTLS_SSL_SERVER_HELLO), 0);
 TEST_ASSERT(client_ep.ssl.early_data_state !=
- MBEDTLS_SSL_EARLY_DATA_STATE_NOT_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
 ret = mbedtls_ssl_handshake(&(server_ep.ssl));
 TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);