From e923d4c1512a8df5c5b0ade2c01842dfef021549 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Wed, 7 Feb 2024 14:48:12 +0100
Subject: [PATCH 1/2] tls13: read_early_data: set outSz to 0 if no early data

If not data is read, set outSz to 0. This way the caller can detect if no early data was read.
---
 src/tls13.c | 1 +
 tests/api.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tls13.c b/src/tls13.c
index cf4a5a186..124f9a1b5 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -14357,6 +14357,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
     if (!IsAtLeastTLSv1_3(ssl->version))
         return BAD_FUNC_ARG;
 
+    *outSz = 0;
 #ifndef NO_WOLFSSL_SERVER
     if (ssl->options.side == WOLFSSL_CLIENT_END)
         return SIDE_ERROR;
diff --git a/tests/api.c b/tests/api.c
index d5d710ef2..193058623 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -69268,6 +69268,7 @@ static int test_tls13_early_data(void)
     ExpectFalse(wolfSSL_is_init_finished(ssl_s));
     ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), &read),
             0);
+    ExpectIntEQ(read, 0);
     ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
     ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
@@ -69278,7 +69279,7 @@ static int test_tls13_early_data(void)
     ExpectFalse(wolfSSL_is_init_finished(ssl_s));
     ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), &read),
             0);
-
+    ExpectIntEQ(read, 0);
     ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
     /* Read server 0.5-RTT data */

From 7b0fefbceb86908ddd4ce86003375026a17ddd6e Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Wed, 7 Feb 2024 15:07:42 +0100
Subject: [PATCH 2/2] doc: update new wolfSSL_read_early_data() behavior

---
 doc/dox_comments/header_files/ssl.h | 33 ++++++++++++++---------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index a96b3888f..b8e7d3df0 100644
--- a/doc/dox_comments/header_files/ssl.h
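Review bot: The new `*outSz = 0;` sits after the TLS 1.3 version check, so the BAD_FUNC_ARG returns above it still leave the caller's `*outSz` untouched, while the doc patch in this same series now presents `*outSz` as the "no early data" indicator; a caller that inspects `*outSz` without first checking the return value will read whatever stale length it held, and a stale length later used to index `data` is exactly the failure mode this assignment guards against. If, as the documented BAD_FUNC_ARG case for a NULL pointer implies, a NULL check on `outSz` precedes this hunk, hoisting the assignment to directly after that check would cover every validated path; otherwise state the contract on the line, `*outSz = 0; /* cleared on every path past argument validation: "no early data" is reported as *outSz == 0 with a 0 return */`. The enclosing wolfSSL_read_early_data() body continues past both edges of the hunk.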
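Review bot: `ExpectIntEQ(read, 0);` only proves that wolfSSL_read_early_data() wrote zero if `read` held something else beforehand; if `read` is initialised to 0 at its declaration (outside the hunk, so I cannot confirm it), the assertion also passes when the function never touches `*outSz`, which is the behaviour this patch is fixing. Seeding the variable before each call, `read = -1;` directly above the `ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), &read),` line, makes the check detect a missing write. The same applies to the second hunk at `@@ -69278,7 +69279,7 @@`. test_tls13_early_data() extends beyond both hunks.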
+++ b/doc/dox_comments/header_files/ssl.h
@@ -13938,9 +13938,11 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
 
     \brief This function reads any early data from a client on resumption.
     Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
-    to accept a client and read any early data in the handshake.
-    If there is no early data than the handshake will be processed as normal.
-    This function is only used with servers.
+    to accept a client and read any early data in the handshake. The function
+    should be invoked until wolfSSL_is_init_finished() returns true. Early data
+    may be sent by the client in multiple messsages. If there is no early data
+    then the handshake will be processed as normal. This function is only used
+    with servers.
 
     \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
     \param [out] data a buffer to hold the early data read from client.
@@ -13951,7 +13953,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     not using TLSv1.3.
     \return SIDE_ERROR if called with a client.
     \return WOLFSSL_FATAL_ERROR if accepting a connection fails.
-    \return WOLFSSL_SUCCESS if successful.
+    \return Number of early data bytes read (may be zero).
 
     _Example_
     \code
@@ -13963,19 +13965,16 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     char buffer[80];
     ...
 
-    ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
-    if (ret != SSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, ret);
-        printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
-    }
-    if (outSz > 0) {
-        // early data available
-    }
-    ret = wolfSSL_accept_TLSv13(ssl);
-    if (ret != SSL_SUCCESS) {
-        err = wolfSSL_get_error(ssl, ret);
-        printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
-    }
+    do {
+        ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz);
+        if (ret < 0) {
+            err = wolfSSL_get_error(ssl, ret);
+            printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
+        }
+        if (outSz > 0) {
+            // early data available
+        }
+    } while (!wolfSSL_is_init_finished(ssl));
     \endcode
 
     \sa wolfSSL_write_early_data