Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size

TLS 1.3: Enforce max_early_data_size on client
2025-07-29 11:41:15 +03:00 · 2024-03-12 13:31:20 +00:00
parent e0ffb1d2e9 61fd13c6a5
commit ec4ed8eae4
3 changed files with 187 additions and 10 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -6074,7 +6074,7 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    const struct mbedtls_ssl_config *conf;
-    int written_data_len = 0;
+    uint32_t remaining;

    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write early_data"));

@ -6124,18 +6124,27 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
                return ret;
            }
        }
+        remaining = ssl->session_negotiate->max_early_data_size;
    } else {
        /*
-         * If we are past the point where we can send early data, return
-         * immediatly. Otherwise, progress the handshake as much as possible to
-         * not delay it too much. If we reach a point where we can still send
-         * early data, then we will send some.
+         * If we are past the point where we can send early data or we have
+         * already reached the maximum early data size, return immediatly.
+         * Otherwise, progress the handshake as much as possible to not delay
+         * it too much. If we reach a point where we can still send early data,
+         * then we will send some.
         */
        if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) &&
            (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) {
            return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA;
        }

+        remaining = ssl->session_negotiate->max_early_data_size -
+                    ssl->total_early_data_size;
+
+        if (remaining == 0) {
+            return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA;
+        }
+
        ret = mbedtls_ssl_handshake(ssl);
        if ((ret != 0) && (ret != MBEDTLS_ERR_SSL_WANT_READ)) {
            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
@ -6143,16 +6152,24 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
        }
    }

-    if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) &&
-        (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) {
+    if (((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) &&
+         (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED))
+        || (remaining == 0)) {
        return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA;
    }

-    written_data_len = ssl_write_real(ssl, buf, len);
+    if (len > remaining) {
+        len = remaining;
+    }

-    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write early_data, len=%d", written_data_len));
+    ret = ssl_write_real(ssl, buf, len);
+    if (ret >= 0) {
+        ssl->total_early_data_size += ret;
+    }

-    return written_data_len;
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write early_data, ret=%d", ret));
+
+    return ret;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */