diff options
| author | Daiki Ueno <dueno@redhat.com> | 2018-07-16 11:30:05 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2018-07-24 14:43:16 +0200 |
| commit | 9d1f2253d1181213ea3fcc9357e7c6e181f3feef (patch) | |
| tree | 770d93e1e699e4e53d9756d843b38b8c1c86cc1b /lib/record.c | |
| parent | 1debc409d3f751fcf72da37ee919a1fe8cb435e4 (diff) | |
| download | gnutls-tmp-skip-zero-rtt.tar.gz | |
TLS 1.3: ignore "early_data" extensiontmp-skip-zero-rtt
As 0-RTT is still not implemented in GnuTLS, the server responds with
1-RTT, by skipping decryption failure up to max_early_data_size, as
suggested in 4.2.10 Early Data Detection.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/record.c')
| -rw-r--r-- | lib/record.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/record.c b/lib/record.c index 9b485fd293..ad3913dbf8 100644 --- a/lib/record.c +++ b/lib/record.c @@ -1340,7 +1340,31 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, "Discarded message[%u] due to invalid decryption\n", (unsigned int) _gnutls_uint64touint32(packet_sequence)); + + /* as 0-RTT is not implemented yet, when early data is + * indicated, skip decryption failure up to + * max_early_data_size. */ + if (session->internals.early_data_indicated && + record.type == GNUTLS_APPLICATION_DATA) { + if (record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received) { + _gnutls_record_log + ("REC[%p]: max_early_data_size exceeded\n", + session); + ret = GNUTLS_E_UNEXPECTED_PACKET; + goto sanity_check_error; + } + + session->internals.early_data_received += record.length; + goto discard; + } + goto sanity_check_error; + } else if (session->internals.early_data_indicated) { + /* as 0-RTT is not implemented yet, when the early + * data is indicated and the record is properly + * decrypted, treat it as the start of client's second + * flight. */ + session->internals.early_data_indicated = 0; } if (IS_DTLS(session)) { |