TLS 1.3: ignore "early_data" extensiontmp-skip-zero-rtt

As 0-RTT is still not implemented in GnuTLS, the server responds with 1-RTT, by skipping decryption failure up to max_early_data_size, as suggested in 4.2.10 Early Data Detection. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2018-07-16 11:30:05 +0200
committer: Daiki Ueno <dueno@redhat.com> 2018-07-24 14:43:16 +0200
commit: 9d1f2253d1181213ea3fcc9357e7c6e181f3feef (patch)
tree: 770d93e1e699e4e53d9756d843b38b8c1c86cc1b /lib/state.c
parent: 1debc409d3f751fcf72da37ee919a1fe8cb435e4 (diff)
download: gnutls-tmp-skip-zero-rtt.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/state.c b/lib/state.c
index d01475c84a..e3417e6c39 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -276,6 +276,8 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
 
 	session->internals.tfo.connect_addrlen = 0;
 	session->internals.tfo.connect_only = 0;
+	session->internals.early_data_indicated = 0;
+	session->internals.early_data_received = 0;
 }
 
 /**
@@ -354,6 +356,13 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 	(*session)->security_parameters.max_record_send_size =
 	    DEFAULT_MAX_RECORD_SIZE;
 
+	/* set the default early data size for TLS
+	 */
+	if ((*session)->security_parameters.entity == GNUTLS_SERVER) {
+		(*session)->security_parameters.max_early_data_size =
+			DEFAULT_MAX_EARLY_DATA_SIZE;
+	}
+
 	/* everything else not initialized here is initialized
 	 * as NULL or 0. This is why calloc is used.
 	 */
author	Daiki Ueno <dueno@redhat.com>	2018-07-16 11:30:05 +0200
committer	Daiki Ueno <dueno@redhat.com>	2018-07-24 14:43:16 +0200
commit	9d1f2253d1181213ea3fcc9357e7c6e181f3feef (patch)
tree	770d93e1e699e4e53d9756d843b38b8c1c86cc1b /lib/state.c
parent	1debc409d3f751fcf72da37ee919a1fe8cb435e4 (diff)
download	gnutls-tmp-skip-zero-rtt.tar.gz