Diffstat (limited to 'lib/record.c')
-rw-r--r--lib/record.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/record.c b/lib/record.c
index 9b485fd293..ad3913dbf8 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1340,7 +1340,31 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
"Discarded message[%u] due to invalid decryption\n",
(unsigned int)
_gnutls_uint64touint32(packet_sequence));
+
+ /* as 0-RTT is not implemented yet, when early data is
+ * indicated, skip decryption failure up to
+ * max_early_data_size. */
+ if (session->internals.early_data_indicated &&
+ record.type == GNUTLS_APPLICATION_DATA) {
+ if (record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received) {
+ _gnutls_record_log
+ ("REC[%p]: max_early_data_size exceeded\n",
+ session);
+ ret = GNUTLS_E_UNEXPECTED_PACKET;
+ goto sanity_check_error;
+ }
+
+ session->internals.early_data_received += record.length;
+ goto discard;
+ }
+
goto sanity_check_error;
+ } else if (session->internals.early_data_indicated) {
+ /* as 0-RTT is not implemented yet, when the early
+ * data is indicated and the record is properly
+ * decrypted, treat it as the start of client's second
+ * flight. */
+ session->internals.early_data_indicated = 0;
}
if (IS_DTLS(session)) {
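Review bot: The bound in the added skip path, `record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received`, is only correct while early_data_received never exceeds max_early_data_size. The field types are not visible in this hunk, but if both are unsigned and the limit is ever smaller than the counter, the subtraction wraps and the cap on tolerated decryption failures is effectively lost. Checking the invariant first keeps the limit fail-closed: `if (session->internals.early_data_received > session->security_parameters.max_early_data_size || record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received)`. Because this branch turns an otherwise fatal decryption failure into a discard, the comment should also state under which conditions early_data_indicated is set, since that flag is the only gate. Where the flag is set is outside the hunk, as are the `discard` and `sanity_check_error` labels.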