Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse early data extension from new session ticket #405

Open
lhuang04 opened this issue Jan 12, 2023 · 1 comment
Open

Parse early data extension from new session ticket #405

lhuang04 opened this issue Jan 12, 2023 · 1 comment

Comments

@lhuang04
Copy link
Collaborator

lhuang04 commented Jan 12, 2023
edited
Loading

Suggested enhancement

ssl_tls13_parse_new_session_ticket_exts no longer parses the early data extension from new session ticket message. We need the following patch to restore it back.

Do we have any on-going task to support parsing early data extension from new session ticket? I found TLS 1.3 client: Parsing of the early data indication extension. But it only mentioned EncryptedExtension Message.

According to the RFC, Early data indication extension may present in new_session_ticket, client_hello, and encrypted_extensions messages. When it is used in new_session_ticket, the server can tell the client that it supports early data. ssl_tls13_new_session_ticket_early_data_ext_parse was in the tls13-protoype.

cc @ronald-cron-arm and @yuhaoth

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -3435,6 +3435,33 @@

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)

+static int ssl_tls13_new_session_ticket_early_data_ext_parse(
+    mbedtls_ssl_context *ssl,
+    const unsigned char *buf, size_t ext_size )
+{
+    /* From RFC 8446:
+     *
+     * struct {
+     *         select (Handshake.msg_type) {
+     *            case new_session_ticket:   uint32 max_early_data_size;
+     *            case client_hello:         Empty;
+     *            case encrypted_extensions: Empty;
+     *        };
+     *    } EarlyDataIndication;
+     */
+
+    if( ext_size == 4 && ssl->session != NULL )
+    {
+        ssl->session->max_early_data_size = MBEDTLS_GET_UINT32_BE( buf, 0 );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket->max_early_data_size: %u",
+                                    ssl->session->max_early_data_size ) );
+        ssl->session->ticket_flags |= allow_early_data;
+        return( 0 );
+    }
+
+    return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
                                                     const unsigned char *buf,
@@ -3460,6 +3487,13 @@
         {
             case MBEDTLS_TLS_EXT_EARLY_DATA:
                 MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
+                int ret = ssl_tls13_new_session_ticket_early_data_ext_parse( ssl, p,
+                    extension_data_len );
+                if( ret != 0 )
+                {
+                  MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_new_session_ticket_early_data_ext_parse", ret );
+                  return( ret );
+                }
                 break;

             default:

Justification

Mbed TLS needs this because
@yuhaoth
Copy link
Collaborator

yuhaoth commented Jan 16, 2023

Mbed-TLS#6933 is for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yuhaoth @lhuang04