From 09962631f3ee37aa2638b2909ef6c428dc26a2ad Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Thu, 29 Apr 2021 08:35:02 +0200
Subject: gnutls_init: add flag to omit EndOfEarlyData messages

The message is prohibited in QUIC: https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.3

Signed-off-by: Daiki Ueno
---
 lib/includes/gnutls/gnutls.h.in | 4 +++-
 lib/tls13/early_data.c | 20 +++++++++++++-------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index ef33a921c2..ca01fc9bdc 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -480,6 +480,7 @@ typedef enum {
  * @GNUTLS_ENABLE_RAWPK: Allows raw public-keys to be negotiated during the handshake. Since 3.6.6.
  * @GNUTLS_NO_AUTO_SEND_TICKET: Under TLS1.3 disable auto-sending of
  * session tickets during the handshake.
+ * @GNUTLS_NO_END_OF_EARLY_DATA: Under TLS1.3 suppress sending EndOfEarlyData message. Since 3.7.2.
  *
  * Enumeration of different flags for gnutls_init() function. All the flags
  * can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
@@ -511,7 +512,8 @@ typedef enum {
 	GNUTLS_ENABLE_RAWPK = (1<<18),
 	GNUTLS_AUTO_REAUTH = (1<<19),
 	GNUTLS_ENABLE_EARLY_DATA = (1<<20),
-	GNUTLS_NO_AUTO_SEND_TICKET = (1<<21)
+	GNUTLS_NO_AUTO_SEND_TICKET = (1<<21),
+	GNUTLS_NO_END_OF_EARLY_DATA = (1<<22)
 } gnutls_init_flags_t;
 
 /* compatibility defines (previous versions of gnutls
diff --git a/lib/tls13/early_data.c b/lib/tls13/early_data.c
index ccace901b9..3d565d54b3 100644
--- a/lib/tls13/early_data.c
+++ b/lib/tls13/early_data.c
@@ -61,6 +61,10 @@ int _gnutls13_send_end_of_early_data(gnutls_session_t session, unsigned again)
 	      session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED))
 		return 0;
 
+	if (session->internals.flags & GNUTLS_NO_END_OF_EARLY_DATA) {
+		return 0;
+	}
+
 	if (again == 0) {
 		ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
 		if (ret < 0)
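Review bot: The new doc line for GNUTLS_NO_END_OF_EARLY_DATA describes only the send side, but the same flag also makes the server-side receive path in lib/tls13/early_data.c stop expecting the message, so a reader of gnutls.h.in gets half of the contract. The commit message ties the flag to QUIC, where the message is prohibited, and that motivation belongs in the public comment rather than only in git history. Suggested wording: ` * @GNUTLS_NO_END_OF_EARLY_DATA: Under TLS1.3 neither send (client) nor expect (server) the EndOfEarlyData message; intended for transports such as QUIC that prohibit it. Since 3.7.2.`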
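Review bot: The new early return in _gnutls13_send_end_of_early_data carries no explanation of when skipping EndOfEarlyData is legitimate, and it wraps a single `return 0;` in braces while the guard two lines above does not. A one-line comment such as `/* QUIC (draft-ietf-quic-tls-34, section 8.3) prohibits EndOfEarlyData; the transport delimits 0-RTT data instead */` would record the reason given in the commit message, and dropping the braces would match the surrounding guard style. The function's remaining body continues outside the hunk.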
@@ -81,14 +85,16 @@ int _gnutls13_recv_end_of_early_data(gnutls_session_t session)
 	      session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED))
 		return 0;
 
-	ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_END_OF_EARLY_DATA, 0, &buf);
-	if (ret < 0)
-		return gnutls_assert_val(ret);
+	if (!(session->internals.flags & GNUTLS_NO_END_OF_EARLY_DATA)) {
+		ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_END_OF_EARLY_DATA, 0, &buf);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
 
-	if (buf.length != 0) {
-		gnutls_assert();
-		ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-		goto cleanup;
+		if (buf.length != 0) {
+			gnutls_assert();
+			ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+			goto cleanup;
+		}
 	}
 
 	session->internals.hsk_flags &= ~HSK_EARLY_DATA_IN_FLIGHT;
-- 
cgit v1.2.1
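Review bot: When GNUTLS_NO_END_OF_EARLY_DATA is set, `buf` is never handed to _gnutls_recv_handshake, yet the surviving `goto cleanup` suggests the function ends by releasing `buf`; if that `cleanup:` code (outside the hunk) also runs on the fall-through path, it now operates on an uninitialized gnutls_buffer_st. Initializing the buffer before the new guard, e.g. `_gnutls_buffer_init(&buf);` as the function's first statement, would close that gap without changing the skip behaviour. Separately, with the flag set the server clears HSK_EARLY_DATA_IN_FLIGHT without any peer message marking the end of 0-RTT, so the flag is only safe where the transport itself delimits early data, as the commit message states for QUIC; a short comment on the guard would make that expectation explicit. _gnutls13_recv_end_of_early_data continues past the end of the hunk.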