authorDaiki Ueno <dueno@redhat.com>2018-07-16 11:30:05 +0200
committerDaiki Ueno <dueno@redhat.com>2018-08-06 10:51:58 +0200
commit68c21a22c45cfe6ea80f542dc8ef3a9b84c1498b (patch)
tree8484f7d12bcd431c984e07c6f6b820faf481d371 /lib/record.c
parent8f90d5bd7a79b3e69145c3d2fde583d24372f143 (diff)
TLS 1.3: ignore "early_data" extension
As 0-RTT is still not implemented in GnuTLS, the server responds with 1-RTT, by skipping decryption failure up to max_early_data_size, as suggested in 4.2.10 Early Data Detection. Resolves #512 Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/record.c')
-rw-r--r--lib/record.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/lib/record.c b/lib/record.c
index 1cc328cb93..4589765524 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1334,6 +1334,44 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
_mbuffer_head_remove_bytes(&session->internals.record_recv_buffer,
record.header_size + record.length);
+
+ /* FIXME: as 0-RTT is not implemented yet, when early data is
+ * indicated, skip decryption failure up to
+ * max_early_data_size. Otherwise, if the record is properly
+ * decrypted, treat it as the start of client's second flight.
+ *
+ * This implements the first way suggested in 4.2.10 of
+ * draft-ietf-tls-tls13-28.
+ */
+ if (unlikely(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) {
+ if (record.type == GNUTLS_APPLICATION_DATA &&
+ (ret < 0 ||
+ /* early data must always be encrypted, treat it
+ * as decryption failure if otherwise */
+ record_params->cipher->id == GNUTLS_CIPHER_NULL)) {
+ if (record.length >
+ session->security_parameters.max_early_data_size -
+ session->internals.early_data_received) {
+ _gnutls_record_log
+ ("REC[%p]: max_early_data_size exceeded\n",
+ session);
+ ret = GNUTLS_E_UNEXPECTED_PACKET;
+ goto sanity_check_error;
+ }
+
+ _gnutls_record_log("REC[%p]: Discarded early data[%u] due to invalid decryption, length: %u\n",
+ session,
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ (unsigned int)
+ record.length);
+ session->internals.early_data_received += record.length;
+ goto discard;
+ } else {
+ session->internals.hsk_flags &= ~HSK_EARLY_DATA_IN_FLIGHT;
+ }
+ }
+
if (ret < 0) {
gnutls_assert();
_gnutls_audit_log(session,
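Review bot: The skip condition on the `(ret < 0 ||` line treats every negative `ret` on an application_data record as undecryptable early data, not only a failed decryption. While HSK_EARLY_DATA_IN_FLIGHT is set, an unrelated error (an allocation failure or a malformed length, if the decrypt step can return those) would be silently discarded and charged to the early-data budget instead of reaching the `gnutls_assert()` and audit-log path just below. If the decrypt step reports a bad tag as GNUTLS_E_DECRYPTION_FAILED, narrowing the test to `(ret == GNUTLS_E_DECRYPTION_FAILED ||` keeps the 4.2.10 skipping behaviour and lets other errors fail the connection. `ret` is assigned above the hunk and the function continues past it, so this needs confirming against the decrypt call. Separately, `max_early_data_size - early_data_received` stays non-negative only because of the check before the `+=`; a comment stating that invariant, or an explicit `early_data_received > max_early_data_size` guard, would keep the cap intact if the limit were ever lowered mid-session.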