tls13: srv: Enforce maximum size of early data

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-28 00:21:48 +03:00 · 2024-02-22 10:22:09 +01:00
parent c286519747
commit 8571804382
3 changed files with 49 additions and 8 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -1454,6 +1454,47 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,

    return 0;
 }
+
+#if defined(MBEDTLS_SSL_SRV_C)
+int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl,
+                                           size_t early_data_len)
+{
+    uint32_t uint32_early_data_len = (uint32_t) early_data_len;
+
+    /*
+     * This function should be called only while an handshake is in progress
+     * and thus a session under negotiation. Add a sanity check to detect a
+     * misuse.
+     */
+    if (ssl->session_negotiate == NULL) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+
+    /* RFC 8446 section 4.6.1
+     *
+     * A server receiving more than max_early_data_size bytes of 0-RTT data
+     * SHOULD terminate the connection with an "unexpected_message" alert.
+     */
+    if (uint32_early_data_len >
+        (ssl->session_negotiate->max_early_data_size -
+         ssl->early_data_count)) {
+
+        MBEDTLS_SSL_DEBUG_MSG(
+            2, ("EarlyData: Too many early data received, %u > %u",
+                ssl->early_data_count + uint32_early_data_len,
+                ssl->session_negotiate->max_early_data_size));
+
+        MBEDTLS_SSL_PEND_FATAL_ALERT(
+            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+            MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+    }
+
+    ssl->early_data_count += uint32_early_data_len;
+
+    return 0;
+}
+#endif /* MBEDTLS_SSL_SRV_C */
 #endif /* MBEDTLS_SSL_EARLY_DATA */

 /* Reset SSL context and update hash for handling HRR.