2 changes: 2 additions & 0 deletions doc/dox_comments/header_files/ssl.h
Expand Up @@ -14430,6 +14430,8 @@ int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
\return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or
not using TLSv1.3.
\return SIDE_ERROR if called with a server.
\return BAD_STATE_E if invoked without a valid session or without a valid
PSK cb
\return WOLFSSL_FATAL_ERROR if the connection is not made.
\return the amount of early data written in bytes if successful.

48 changes: 34 additions & 14 deletions src/tls13.c
Expand Up @@ -4322,6 +4322,26 @@ typedef struct Sch13Args {
#endif
} Sch13Args;

#ifdef WOLFSSL_EARLY_DATA
/* Check if early data can potentially be sent.
* Returns 1 if early data is possible, 0 otherwise.
*/
static int EarlyDataPossible(WOLFSSL* ssl)
{
/* Need session resumption OR PSK callback configured */
if (ssl->options.resuming) {
return 1;
}
#ifndef NO_PSK
if (ssl->options.client_psk_tls13_cb != NULL ||
ssl->options.client_psk_cb != NULL) {
return 1;
}
#endif
return 0;
}
#endif /* WOLFSSL_EARLY_DATA */

int SendTls13ClientHello(WOLFSSL* ssl)
{
int ret;
Expand Down Expand Up @@ -4461,14 +4481,8 @@ int SendTls13ClientHello(WOLFSSL* ssl)
case TLS_ASYNC_FINALIZE:
{
#ifdef WOLFSSL_EARLY_DATA
#ifndef NO_PSK
if (!ssl->options.resuming &&
ssl->options.client_psk_tls13_cb == NULL &&
ssl->options.client_psk_cb == NULL)
#else
if (!ssl->options.resuming)
#endif
ssl->earlyData = no_early_data;
if (!EarlyDataPossible(ssl))
ssl->earlyData = no_early_data;
if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE)
ssl->earlyData = no_early_data;
if (ssl->earlyData == no_early_data)
Expand Down Expand Up @@ -5744,15 +5758,13 @@ static int DoTls13EncryptedExtensions(WOLFSSL* ssl, const byte* input,
if (ext == NULL || !ext->val)
ssl->earlyData = no_early_data;
}
#endif

#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData == no_early_data) {
ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY);
if (ret != 0)
return ret;
}
#endif
#endif /* WOLFSSL_EARLY_DATA */

ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE;

Expand Down Expand Up @@ -14978,8 +14990,9 @@ int wolfSSL_get_max_early_data(WOLFSSL* ssl)
* sz The size of the early data in bytes.
* outSz The number of early data bytes written.
* returns BAD_FUNC_ARG when: ssl, data or outSz is NULL; sz is negative;
* or not using TLS v1.3. SIDE ERROR when not a server. Otherwise the number of
* early data bytes written.
* or not using TLS v1.3. SIDE ERROR when not a server. BAD_STATE_E if invoked
* without a valid session or without a valid PSK CB.
* Otherwise the number of early data bytes written.
*/
int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
{
Expand All @@ -14996,8 +15009,15 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
if (ssl->options.side == WOLFSSL_SERVER_END)
return SIDE_ERROR;

/* Early data requires PSK or session resumption */
if (!EarlyDataPossible(ssl)) {
return BAD_STATE_E;
}

if (ssl->options.handShakeState == NULL_STATE) {
if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
/* avoid re-setting ssl->earlyData if we re-enter the function because
* of WC_PENDING_E, WANT_WRITE or WANT_READ */
if (ssl->error == 0)
ssl->earlyData = expecting_early_data;
ret = wolfSSL_connect_TLSv13(ssl);
if (ret != WOLFSSL_SUCCESS)
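Review bot: The re-entry guard `if (ssl->error == 0)` in wolfSSL_write_early_data is broader than the comment above it promises: any stale non-zero `ssl->error` left over from an earlier failed call, not only WC_PENDING_E, WANT_WRITE or WANT_READ, now skips setting `expecting_early_data`, so the ClientHello would go out without the early-data extension and the caller would silently get a normal handshake rather than an error; whether `ssl->error` is cleared before this point is not visible in the hunk. Spelling out the three retry codes keeps the comment and the condition in step: `if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) && ssl->error != WC_NO_ERR_TRACE(WANT_WRITE) && ssl->error != WC_NO_ERR_TRACE(WANT_READ))`. Separately, the new return documentation `BAD_STATE_E if invoked without a valid session or without a valid PSK CB` reads as though either one missing is an error, while EarlyDataPossible() returns 1 when either is present; `BAD_STATE_E if there is neither a session to resume nor a PSK callback configured` matches the code (the same wording appears in doc/dox_comments/header_files/ssl.h). wolfSSL_write_early_data continues outside the hunk.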
3 changes: 2 additions & 1 deletion tests/api/test_tls13.c
Expand Up @@ -764,8 +764,9 @@ int test_tls13_apis(void)
ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif
/* invoking without session or psk cbs */
ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_STATE_E));
#endif

ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
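Review bot: The updated assertion only pins the rejection path of the new EarlyDataPossible() gate; nothing in this hunk checks that a client with a PSK callback or a session to resume is not turned away with BAD_STATE_E, so a regression that made the helper always return 0 would pass this test. If the test already has such a client in scope, a companion `ExpectIntNE(wolfSSL_write_early_data(...), WC_NO_ERR_TRACE(BAD_STATE_E))` on it would cover the positive branches; whether a suitable fixture exists is not visible here. test_tls13_apis continues outside the hunk.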