Open lhuang04 opened 1 year ago
ssl_tls13_parse_new_session_ticket_exts no longer parses the early data extension from new session ticket message. We need the following patch to restore it back.
Do we have any on-going task to support parsing early data extension from new session ticket? I found TLS 1.3 client: Parsing of the early data indication extension. But it only mentioned EncryptedExtension Message.
EncryptedExtension
According to the RFC, Early data indication extension may present in new_session_ticket, client_hello, and encrypted_extensions messages. When it is used in new_session_ticket, the server can tell the client that it supports early data. ssl_tls13_new_session_ticket_early_data_ext_parse was in the tls13-protoype.
new_session_ticket
client_hello
encrypted_extensions
cc @ronald-cron-arm and @yuhaoth
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -3435,6 +3435,33 @@ #if defined(MBEDTLS_SSL_SESSION_TICKETS) +static int ssl_tls13_new_session_ticket_early_data_ext_parse( + mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t ext_size ) +{ + /* From RFC 8446: + * + * struct { + * select (Handshake.msg_type) { + * case new_session_ticket: uint32 max_early_data_size; + * case client_hello: Empty; + * case encrypted_extensions: Empty; + * }; + * } EarlyDataIndication; + */ + + if( ext_size == 4 && ssl->session != NULL ) + { + ssl->session->max_early_data_size = MBEDTLS_GET_UINT32_BE( buf, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket->max_early_data_size: %u", + ssl->session->max_early_data_size ) ); + ssl->session->ticket_flags |= allow_early_data; + return( 0 ); + } + + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -3460,6 +3487,13 @@ { case MBEDTLS_TLS_EXT_EARLY_DATA: MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); + int ret = ssl_tls13_new_session_ticket_early_data_ext_parse( ssl, p, + extension_data_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_new_session_ticket_early_data_ext_parse", ret ); + return( ret ); + } break; default:
Mbed TLS needs this because
https://github.com/Mbed-TLS/mbedtls/issues/6933 is for this issue.
Suggested enhancement
ssl_tls13_parse_new_session_ticket_exts no longer parses the early data extension from new session ticket message. We need the following patch to restore it back.
Do we have any on-going task to support parsing early data extension from new session ticket? I found TLS 1.3 client: Parsing of the early data indication extension. But it only mentioned
EncryptedExtension
Message.According to the RFC, Early data indication extension may present in
new_session_ticket
,client_hello
, andencrypted_extensions
messages. When it is used in new_session_ticket, the server can tell the client that it supports early data. ssl_tls13_new_session_ticket_early_data_ext_parse was in the tls13-protoype.cc @ronald-cron-arm and @yuhaoth
Justification
Mbed TLS needs this because