hannestschofenig / mbedtls

An open source, portable, easy to use, readable and flexible SSL library
https://tls.mbed.org
Apache License 2.0

Parse early data extension from new session ticket #405

Open lhuang04 opened 1 year ago

lhuang04 commented 1 year ago

Suggested enhancement

ssl_tls13_parse_new_session_ticket_exts no longer parses the early data extension from the new session ticket message. We need the following patch to restore it.

Do we have any ongoing task to support parsing the early data extension from the new session ticket? I found "TLS 1.3 client: Parsing of the early data indication extension", but it only mentioned the EncryptedExtension message.

According to the RFC, the early data indication extension may be present in new_session_ticket, client_hello, and encrypted_extensions messages. When it is used in new_session_ticket, the server can tell the client that it supports early data. ssl_tls13_new_session_ticket_early_data_ext_parse was in the tls13-prototype.

cc @ronald-cron-arm and @yuhaoth

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -3435,6 +3435,33 @@

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)

+static int ssl_tls13_new_session_ticket_early_data_ext_parse(
+    mbedtls_ssl_context *ssl,
+    const unsigned char *buf, size_t ext_size )
+{
+    /* From RFC 8446:
+     *
+     * struct {
+     *         select (Handshake.msg_type) {
+     *            case new_session_ticket:   uint32 max_early_data_size;
+     *            case client_hello:         Empty;
+     *            case encrypted_extensions: Empty;
+     *        };
+     *    } EarlyDataIndication;
+     */
+
+    if( ext_size == 4 && ssl->session != NULL )
+    {
+        ssl->session->max_early_data_size = MBEDTLS_GET_UINT32_BE( buf, 0 );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket->max_early_data_size: %u",
+                                    ssl->session->max_early_data_size ) );
+        ssl->session->ticket_flags |= allow_early_data;
+        return( 0 );
+    }
+
+    return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
                                                     const unsigned char *buf,
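
Review bot: In ssl_tls13_new_session_ticket_early_data_ext_parse, the single test "ext_size == 4 && ssl->session != NULL" maps two unrelated failures to MBEDTLS_ERR_SSL_BAD_INPUT_DATA: a wrong-length extension sent by the peer and a missing session on the local side. Check them separately so a malformed extension is reported as a decode failure and a NULL session as an internal error, and log which one occurred. The flag allow_early_data is used as a bare identifier with no definition visible in this hunk; confirm it is declared and give it a prefixed name that matches the other constants. The new function also lacks the MBEDTLS_CHECK_RETURN_CRITICAL annotation that the function directly below it carries.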
@@ -3460,6 +3487,13 @@
         {
             case MBEDTLS_TLS_EXT_EARLY_DATA:
                 MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
+                int ret = ssl_tls13_new_session_ticket_early_data_ext_parse( ssl, p,
+                    extension_data_len );
+                if( ret != 0 )
+                {
+                  MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_new_session_ticket_early_data_ext_parse", ret );
+                  return( ret );
+                }
                 break;

             default:
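
Review bot: "int ret = ..." is declared directly under the case MBEDTLS_TLS_EXT_EARLY_DATA label without a braced block, so its scope runs on through default: and a jump to that label skips the initializer; wrap the case body in braces or assign to a ret declared at the top of the function. The body of "if( ret != 0 )" is indented by two spaces where the surrounding code uses four, and the MBEDTLS_SSL_DEBUG_RET line runs well past 80 columns. Since p and extension_data_len are passed straight through, also confirm that the check that extension_data_len bytes are available at p happens before the switch is reached.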

Justification

Mbed TLS needs this because

yuhaoth commented 1 year ago

https://github.com/Mbed-TLS/mbedtls/issues/6933 is for this issue.
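
The NewSessionTicket case of EarlyDataIndication raised in this issue, as an added example that is not code from Mbed TLS or from the patch above: a stand-alone parser for the ticket's extensions vector that rejects truncated, wrong-length and duplicate early_data entries. The function name, result codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EXT_EARLY_DATA 42   /* early_data extension type (RFC 8446) */
enum { NST_OK = 0, NST_DECODE_ERROR = -1, NST_DUPLICATE = -2 };

/* Hypothetical helper, not an Mbed TLS function. Walks the extensions
 * vector of a NewSessionTicket (uint16 total length, then entries of
 * uint16 type, uint16 length, data) and extracts max_early_data_size. */
int nst_parse_exts(const uint8_t *buf, size_t len,
                   int *found, uint32_t *max_early_data_size)
{
    const uint8_t *p = buf, *end;

    *found = 0;
    *max_early_data_size = 0;
    if (len < 2 || (((size_t)buf[0] << 8) | buf[1]) != len - 2)
        return NST_DECODE_ERROR;          /* vector must fill the buffer */
    p += 2;
    end = buf + len;

    while (p < end) {
        unsigned type;
        size_t ext_len;

        if ((size_t)(end - p) < 4)        /* truncated extension header */
            return NST_DECODE_ERROR;
        type = ((unsigned)p[0] << 8) | p[1];
        ext_len = ((size_t)p[2] << 8) | p[3];
        p += 4;
        if (ext_len > (size_t)(end - p))  /* body runs past the vector */
            return NST_DECODE_ERROR;
        if (type == EXT_EARLY_DATA) {
            if (*found)
                return NST_DUPLICATE;     /* one extension per type */
            if (ext_len != 4)             /* exactly one uint32 */
                return NST_DECODE_ERROR;
            *max_early_data_size = ((uint32_t)p[0] << 24) |
                ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
            *found = 1;
        }
        p += ext_len;                     /* other extensions are skipped */
    }
    return NST_OK;
}

/* Constructed sample: one early_data extension, max_early_data_size 16384. */
const uint8_t nst_sample[] = { 0x00, 0x08, 0x00, 0x2a, 0x00, 0x04,
                               0x00, 0x00, 0x40, 0x00 };
```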