From d089a4651a7675c977854f5ecbad57b0a1233b62 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 31 Aug 2018 08:41:04 +1000
Subject: [PATCH 1/2] Group Early Data message with ClientHello for faster delivery
---
 src/internal.c | 4 +++-
 src/tls13.c | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index e62a43221..83515dbe2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -14739,6 +14739,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 sendSz, ret, dtlsExtra = 0;
+ int groupMsgs = 0;
 if (ssl->error == WANT_WRITE
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -14763,6 +14764,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 WOLFSSL_MSG("handshake complete, trying to send early data");
 return BUILD_MSG_ERROR;
 }
+ groupMsgs = 1;
 } else
 #endif
@@ -14781,7 +14783,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 }
 /* last time system socket output buffer was full, try again to send */
- if (ssl->buffers.outputBuffer.length > 0) {
+ if (!groupMsgs && ssl->buffers.outputBuffer.length > 0) {
 WOLFSSL_MSG("output buffer was full, trying to send again");
 if ( (ssl->error = SendBuffered(ssl)) < 0) {
 WOLFSSL_ERROR(ssl->error);
diff --git a/src/tls13.c b/src/tls13.c
index 37963a453..fa437b3d2 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -2670,7 +2670,11 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 ssl->buffers.outputBuffer.length += sendSz;
- ret = SendBuffered(ssl);
+#ifdef WOLFSSL_EARLY_DATA
+ if (ssl->earlyData == no_early_data)
+#endif
+ ret = SendBuffered(ssl);
+
 WOLFSSL_LEAVE("SendTls13ClientHello", ret);
 WOLFSSL_END(WC_FUNC_CLIENT_HELLO_SEND);
From 4b208f4fe5ac34e4086988b5c3d46c5159e9be63 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 3 Sep 2018 08:48:28 +1000
Subject: [PATCH 2/2] Make grouping EarlyData and ClientHello a configuration option
---
 configure.ac | 8 ++++++++
 src/internal.c | 2 ++
 src/tls13.c | 4 +++-
 3 files changed, 13 insertions(+), 1 deletion(-)
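Review bot: In the SendData hunk at -14781, `!groupMsgs` skips the pending-output retry on every early-data write, not only the first one that follows a buffered ClientHello, because `groupMsgs = 1` appears to be set on each pass through the early-data branch (hunk at -14763). If an earlier early-data write left a record queued after WANT_WRITE, this path no longer flushes it before building the next record; the rest of the retry branch lies outside the hunk, so confirm that the same plaintext cannot be queued twice and that the output buffer is still bounded. Narrowing the flag to the case where the ClientHello is still unsent would keep the existing back-pressure handling. A comment on the assignment such as `/* ClientHello still buffered; send it in the same flight as EarlyData */` would record the intent.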
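Review bot: In the SendTls13ClientHello hunk, the unbraced `if (ssl->earlyData == no_early_data)` between `#ifdef`/`#endif` leaves `ret` at whatever it held before when the send is skipped, and makes delivery of the ClientHello depend on a later SendData call. If early data is enabled on the connection but that write never reaches the socket, the handshake message stays in `outputBuffer`; nothing in this hunk shows what guarantees the flush. Consider bracing the conditional statement and stating the contract next to it, e.g. `/* not sent here: flushed together with EarlyData by SendData() */`. The function body starts and ends outside the hunk.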
diff --git a/configure.ac b/configure.ac
index 580bdc9f2..c4573c271 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2794,6 +2794,13 @@ AC_ARG_ENABLE([earlydata], [ ENABLED_TLS13_EARLY_DATA=$enableval ], [ ENABLED_TLS13_EARLY_DATA=no ] )
+
+if test "$ENABLED_TLS13_EARLY_DATA" = "group"
+then
+ ENABLED_TLS13_EARLY_DATA="yes"
+ # Group EarlyData with ClientHello
+ AM_CFLAGS="-DWOLFSSL_EARLY_DATA_GROUP $AM_CFLAGS"
+fi
 if test "$ENABLED_TLS13_EARLY_DATA" = "yes" then if test "x$ENABLED_TLS13" = "xno"
@@ -2812,6 +2819,7 @@ then AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE" fi
+
 # PKCS7 AC_ARG_ENABLE([pkcs7], [AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
diff --git a/src/internal.c b/src/internal.c
index 83515dbe2..3fac42783 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -14764,7 +14764,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 WOLFSSL_MSG("handshake complete, trying to send early data");
 return BUILD_MSG_ERROR;
 }
+ #ifdef WOLFSSL_EARLY_DATA_GROUP
 groupMsgs = 1;
+ #endif
 } else
 #endif
diff --git a/src/tls13.c b/src/tls13.c
index fa437b3d2..acc8f2026 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -42,6 +42,8 @@
 * and key generation input and output.
 * WOLFSSL_EARLY_DATA
 * Allow 0-RTT Handshake using Early Data extensions and handshake message
+ * WOLFSSL_EARLY_DATA_GROUP
+ * Group EarlyData message with ClientHello when sending
 * WOLFSSL_NO_SERVER_GROUPS_EXT
 * Do not send the server's groups in an extension when the server's top
 * preference is not in client's list.
@@ -2670,7 +2672,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 ssl->buffers.outputBuffer.length += sendSz;
-#ifdef WOLFSSL_EARLY_DATA
+#ifdef WOLFSSL_EARLY_DATA_GROUP
 if (ssl->earlyData == no_early_data)
 #endif
 ret = SendBuffered(ssl);
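Review bot: `--enable-earlydata=group` becomes a third accepted value in the first configure.ac hunk, but nothing in the added lines documents it for users; the option's help string presumably sits above the hunk and would need extending. The added comment could also say what grouping changes on the wire, e.g. `# Group EarlyData with ClientHello: ClientHello is held until the first early-data write`. The define is prepended (`"-DWOLFSSL_EARLY_DATA_GROUP $AM_CFLAGS"`) while the neighbouring context line appends (`"$AM_CFLAGS -DNO_SESSION_CACHE"`); appending would match the surrounding style.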
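Review bot: In the SendTls13ClientHello hunk, guarding on `WOLFSSL_EARLY_DATA_GROUP` alone makes the dependency on `WOLFSSL_EARLY_DATA` implicit. A build that defines only the new macro (for example through a hand-written settings header rather than configure) now reaches `ssl->earlyData` without the feature guard the removed line provided. If that field is declared only under `WOLFSSL_EARLY_DATA`, which is not visible here, such a build fails to compile. `#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)` states the requirement explicitly. The function body starts and ends outside the hunk.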