tls13: cli: Rename STATE_SENT to STATE_IND_SENT

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

include/mbedtls/ssl.h

@@ -777,9 +777,10 @@ typedef enum {
  * The client has sent an early data indication extension in its first
  * ClientHello, it has not received the response (ServerHello or
  * HelloRetryRequest) from the server yet. The transform to protect early data
- * is not set and early data cannot be sent yet.
+ * is not set either as for middlebox compatibility a dummy CCs may have to be
+ * sent in clear. Early data cannot be sent to the server yet.
  */
-    MBEDTLS_SSL_EARLY_DATA_STATE_SENT,
+    MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT,
 
 /*
  * The client has sent an early data indication extension in its first

library/ssl_msg.c

@@ -6099,19 +6099,19 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
     /*
      * If we are at the beginning of the handshake, the early data state being
      * equal to MBEDTLS_SSL_EARLY_DATA_STATE_IDLE or
-     * MBEDTLS_SSL_EARLY_DATA_STATE_SENT advance the handshake just
+     * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT advance the handshake just
      * enough to be able to send early data if possible. That way, we can
      * guarantee that when starting the handshake with this function we will
      * send at least one record of early data. Note that when the state is
-     * MBEDTLS_SSL_EARLY_DATA_STATE_SENT and not yet
+     * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT and not yet
-     * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data yet
+     * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data
      * as the early data outbound transform has not been set as we may have to
      * first send a dummy CCS in clear.
      */
     if ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
-        (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT)) {
+        (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
         while ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
-               (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT)) {
+               (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
             ret = mbedtls_ssl_handshake_step(ssl);
             if (ret != 0) {
                 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake_step", ret);

library/ssl_tls13_client.c

@@ -1199,7 +1199,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
             }
             p += ext_len;
 
-            ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SENT;
+            ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT;
         } else {
             ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT;
         }
@@ -1239,7 +1239,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
     size_t psk_len;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-    if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_SENT) {
+    if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT) {
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Set hs psk for early data when writing the first psk"));
 

tests/suites/test_suite_ssl.function

@@ -4055,7 +4055,7 @@ void tls13_cli_early_data_state(int scenario)
                     case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
                     case TEST_EARLY_DATA_HRR:
                         TEST_EQUAL(client_ep.ssl.early_data_state,
-                                   MBEDTLS_SSL_EARLY_DATA_STATE_SENT);
+                                   MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT);
                         break;
 
                     default: