From 919e596c05c14f7754655b970c5fab47824a2bd5 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 8 Feb 2024 15:48:29 +0100
Subject: [PATCH] Enforce maximum size of early data when rejected
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 6 +++-
 tests/suites/test_suite_ssl.data | 9 ++++++
 tests/suites/test_suite_ssl.function | 45 ++++++++++++++++++++++++++--
 3 files changed, 56 insertions(+), 4 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 2a6d4341be..6c508d6234 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4005,7 +4005,11 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) {
 MBEDTLS_SSL_DEBUG_MSG( 3, ("EarlyData: deprotect and discard app data records."));
- /* TODO: Add max_early_data_size check here, see issue 6347 */
+
+ ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
+ if (ret != 0) {
+ return ret;
+ }
 ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 1f705382b0..6fb3d837c0 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3318,3 +3318,12 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3
 TLS 1.3 srv, max early data size, max=97
 tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:97
+
+TLS 1.3 srv, max early data size, server rejects, default
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1
+
+TLS 1.3 srv, max early data size, server rejects, max=3 (very small)
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3
+
+TLS 1.3 srv, max early data size, server rejects, max=97
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:97
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 1408361795..0c1d606909 100644
--- a/tests/suites/test_suite_ssl.function
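Review bot: In the library/ssl_msg.c hunk, the new call passes `rec->data_len` on the discard path without saying which length that is. Since these records are dropped rather than delivered, the value presumably counts bytes as received (still protected) rather than application payload, and that choice decides how much undecryptable data a peer can make the server process before the connection is refused. A comment above the call would settle it, for example `/* Discarded records are counted by their length as received, so the limit bounds the protected bytes a peer can make us process. */`, adjusted to what the helper really counts. ssl_prepare_record_content starts and ends outside the hunk, so whether the failed deprotection leaves `rec->data_len` untouched cannot be confirmed from here.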
+++ b/tests/suites/test_suite_ssl.function
@@ -4466,6 +4466,7 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
 char pattern[128];
 unsigned char buf_write[64];
 size_t early_data_len = sizeof(buf_write);
+ uint32_t expended_early_data_len = 0;
 uint32_t written_early_data_size = 0;
 int write_early_data_flag = 1;
 uint32_t max_early_data_size;
@@ -4503,6 +4504,14 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
 case TEST_EARLY_DATA_ACCEPTED:
 break;
+ case TEST_EARLY_DATA_SERVER_REJECTS:
+ server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+ ret = mbedtls_snprintf(pattern, sizeof(pattern),
+ "EarlyData: deprotect and discard app data records.");
+ TEST_ASSERT(ret < (int) sizeof(pattern));
+ mbedtls_debug_set_threshold(3);
+ break;
+
 default:
 TEST_FAIL("Unknown scenario.");
 }
@@ -4552,7 +4561,7 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
 uint32_t remaining = max_early_data_size - server_ep.ssl.early_data_count;
- /* Reach maximum early data exactly */
+ /* In case of accepted early data, reach max_early_data_size exactly. */
 if (early_data_len >= remaining) {
 early_data_len = remaining;
 write_early_data_flag = 0;
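Review bot: In the hunk at -4503 of tests/suites/test_suite_ssl.function, `TEST_ASSERT(ret < (int) sizeof(pattern));` also passes when `mbedtls_snprintf` returns a negative value, so a formatting failure would go unnoticed and the later pattern count would be checked against whatever `pattern` holds. The assertion should be `TEST_ASSERT(ret >= 0 && ret < (int) sizeof(pattern));`. The string duplicates the debug message emitted in library/ssl_msg.c, so a comment such as `/* Must match the debug message in ssl_prepare_record_content(). */` would tell the next editor why the two must change together. The switch and the enclosing function continue outside the hunk.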
@@ -4585,13 +4594,43 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
 written_early_data_size);
 }
 break;
+
+ case TEST_EARLY_DATA_SERVER_REJECTS:
+ ret = mbedtls_ssl_handshake(&(server_ep.ssl));
+ /*
+ * Can be the case if max_early_data_size is smaller then the
+ * smallest inner content or protected record.
+ */
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
+ /* Beyond 64 for max_early_data_size it is suspicious */
+ TEST_ASSERT(max_early_data_size < 64);
+ goto exit;
+ }
+
+ TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ);
+
+ TEST_EQUAL(server_pattern.counter, 1);
+ server_pattern.counter = 0;
+ if (expended_early_data_len == 0) {
+ expended_early_data_len = server_ep.ssl.early_data_count;
+ }
+ remaining = max_early_data_size - server_ep.ssl.early_data_count;
+
+ if (expended_early_data_len > remaining) {
+ write_early_data_flag = 0;
+ }
+ break;
 }
 TEST_ASSERT(server_ep.ssl.early_data_count <= max_early_data_size);
 }
 mbedtls_debug_set_threshold(3);
- ret = write_early_data(&(client_ep.ssl), buf_write, 1);
- TEST_EQUAL(ret, 1);
+
+ early_data_len = (scenario == TEST_EARLY_DATA_ACCEPTED) ?
+ 1 : sizeof(buf_write);
+
+ ret = write_early_data(&(client_ep.ssl), buf_write, early_data_len);
+ TEST_EQUAL(ret, early_data_len);
 ret = mbedtls_snprintf(pattern, sizeof(pattern), "EarlyData: Too many early data received");
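Review bot: The early exit on `MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE` in the new `TEST_EARLY_DATA_SERVER_REJECTS` case leaves through `goto exit` with only `max_early_data_size < 64` checked. The small-limit scenario therefore skips the code after the loop that sets up the "EarlyData: Too many early data received" pattern, and nothing asserts that the rejection happened on the first record. The literal 64 presumably mirrors `sizeof(buf_write)`; `TEST_ASSERT(max_early_data_size < sizeof(buf_write));` would keep the two tied, and `TEST_EQUAL(expended_early_data_len, 0);` before the `goto` would pin the failure to the first record. The comment above the branch says "smaller then" where "smaller than" is meant. The function starts and ends outside the hunk.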