From 3641df2980e121bae8fe1de2493e28a6678aeab2 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Sun, 3 Mar 2024 16:10:58 +0100
Subject: [PATCH] tls13: cli: Rename STATE_SENT to STATE_IND_SENT

Signed-off-by: Ronald Cron
---
 include/mbedtls/ssl.h | 5 +++--
 library/ssl_msg.c | 10 +++++-----
 library/ssl_tls13_client.c | 4 ++--
 tests/suites/test_suite_ssl.function | 2 +-
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f86bc4270..8ad6bb0c3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -777,9 +777,10 @@ typedef enum {
 * The client has sent an early data indication extension in its first
 * ClientHello, it has not received the response (ServerHello or
 * HelloRetryRequest) from the server yet. The transform to protect early data
- * is not set and early data cannot be sent yet.
+ * is not set either as for middlebox compatibility a dummy CCs may have to be
+ * sent in clear. Early data cannot be sent to the server yet.
 */
- MBEDTLS_SSL_EARLY_DATA_STATE_SENT,
+ MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT,
 /*
 * The client has sent an early data indication extension in its first
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 56e5514f3..b07cd96f1 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
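Review bot: The rewritten comment above the renamed enumerator in include/mbedtls/ssl.h says "a dummy CCs may have to be sent in clear", which mixes singular and plural and spells the acronym differently from the "dummy CCS" wording used in the ssl_msg.c comment of this same patch. Suggested wording: `* is not set either, as for middlebox compatibility a dummy CCS may have to be` followed by `* sent in the clear first. Early data cannot be sent to the server yet.` Separately, the old name MBEDTLS_SSL_EARLY_DATA_STATE_SENT is dropped from a public header with no alias; if this enum is already part of the supported API (not verifiable from this hunk), callers that compare against the old name will stop compiling, so a compatibility note would help. The enum definition starts and ends outside the hunk.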
@@ -6099,19 +6099,19 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
 /*
 * If we are at the beginning of the handshake, the early data state being
 * equal to MBEDTLS_SSL_EARLY_DATA_STATE_IDLE or
- * MBEDTLS_SSL_EARLY_DATA_STATE_SENT advance the handshake just
+ * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT advance the handshake just
 * enough to be able to send early data if possible. That way, we can
 * guarantee that when starting the handshake with this function we will
 * send at least one record of early data. Note that when the state is
- * MBEDTLS_SSL_EARLY_DATA_STATE_SENT and not yet
- * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data yet
+ * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT and not yet
+ * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data
 * as the early data outbound transform has not been set as we may have to
 * first send a dummy CCS in clear.
 */
 if ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
- (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT)) {
+ (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
 while ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
- (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT)) {
+ (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
 ret = mbedtls_ssl_handshake_step(ssl);
 if (ret != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake_step", ret);
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 221b05de0..1ebbc7677 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1199,7 +1199,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
 }
 p += ext_len;
- ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SENT;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT;
 } else {
 ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT;
 }
@@ -1239,7 +1239,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
 size_t psk_len;
 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT) {
+ if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT) {
 MBEDTLS_SSL_DEBUG_MSG(
 1, ("Set hs psk for early data when writing the first psk"));
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index dc7f7c27e..6f022eb70 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4055,7 +4055,7 @@ void tls13_cli_early_data_state(int scenario)
 case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
 case TEST_EARLY_DATA_HRR:
 TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_SENT);
+ MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT);
 break;
 default: