From 5bc3915013c7c28375055bcb1718c69e98a445cb Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 4 Nov 2024 18:21:27 +0100
Subject: [PATCH] Check epoch for early data
---
 src/internal.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 7e7536be58..8e4e83842b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -20641,19 +20641,25 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
 #ifdef HAVE_LIBZ
 byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
+#ifdef WOLFSSL_EARLY_DATA
+ int isEarlyData = ssl->options.tls1_3 &&
+ ssl->options.handShakeDone == 0 &&
+ ssl->options.side == WOLFSSL_SERVER_END;
+ int acceptEarlyData = ssl->earlyData != no_early_data &&
+ ssl->options.clientState == CLIENT_HELLO_COMPLETE;
+#endif
+#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_DTLS13)
+ if (ssl->options.tls1_3 && ssl->options.dtls)
+ isEarlyData = isEarlyData && w64Equal(ssl->keys.curEpoch64,
+ w64From32(0x0, DTLS13_EPOCH_EARLYDATA));
+#endif
 #ifdef WOLFSSL_EARLY_DATA
- if (ssl->options.tls1_3 && ssl->options.handShakeDone == 0 &&
- ssl->options.side == WOLFSSL_SERVER_END &&
- ssl->earlyData != no_early_data &&
- ssl->options.clientState == CLIENT_HELLO_COMPLETE) {
+ if (isEarlyData && acceptEarlyData) {
 WOLFSSL_MSG("Processing EarlyData");
 }
- else if (ssl->options.tls1_3 && ssl->options.handShakeDone == 0 &&
- ssl->options.side == WOLFSSL_SERVER_END &&
- !(ssl->earlyData != no_early_data &&
- ssl->options.clientState == CLIENT_HELLO_COMPLETE)) {
+ else if (isEarlyData && !acceptEarlyData) {
 WOLFSSL_MSG("Ignoring EarlyData!");
 *inOutIdx += ssl->curSize;
 if (*inOutIdx > ssl->buffers.inputBuffer.length)
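Review bot: In the DTLS 1.3 branch, a record whose epoch is not `DTLS13_EPOCH_EARLYDATA` now clears `isEarlyData`, so on a server with `handShakeDone == 0` it matches neither the "Processing EarlyData" nor the "Ignoring EarlyData!" branch and continues into the part of DoApplicationData that lies outside this hunk. In the removed conditions every TLS 1.3 server-side record seen before the handshake finished was either processed as early data or skipped, so it is worth confirming, and covering with a test, that the fall-through path does not deliver application data to the caller before the handshake has completed. A comment above the epoch check would record the intent, for example `/* DTLS 1.3: only records in the early-data epoch are early data; other epochs take the normal application-data path */`. The two-line assignment under `if (ssl->options.tls1_3 && ssl->options.dtls)` would also be safer to maintain with braces around it.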