return 0;
}
+ if (s->early_data_state != SSL_EARLY_DATA_NONE
+ && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING
+ && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
+ && s->early_data_state != SSL_EARLY_DATA_READING) {
+ SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
int ret;
return SSL_READ_EARLY_ERROR;
}
- /*
- * TODO(TLS1.3): Somehow we need to check that we're not receiving too much
- * data
- */
-
switch (s->early_data_state) {
case SSL_EARLY_DATA_NONE:
if (!SSL_in_before(s)) {
return 0;
}
-int SSL_get_early_data_status(SSL *s)
+int SSL_get_early_data_status(const SSL *s)
{
return s->ext.early_data;
}
return -1;
}
- if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
- || s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY)
+ if (s->early_data_state != SSL_EARLY_DATA_NONE
+ && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING
+ && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
+ && s->early_data_state != SSL_EARLY_DATA_WRITING) {
+ SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
+ }
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
int ret;
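Review bot: The state gate added at the top of this hunk is a negated allow-list whose intent is not stated, and the same four-way test appears in the read path earlier on the page with only the last state changed (`SSL_EARLY_DATA_READING` there, `SSL_EARLY_DATA_WRITING` here). Since this check is what keeps ordinary reads and writes from being mixed into a half-finished early-data exchange, a comment naming the permitted states would help, for example `/* Only valid outside early data, after it has finished, or when entered from the early-data write path (WRITING) */`; the last clause is inferred from the state name and should be confirmed. The retry states previously returned 0 without queuing an error and now raise `ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED`, so callers that polled through those states will see a new error on the queue. The enclosing function starts and ends outside the hunk.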
return 0;
}
- /*
- * TODO(TLS1.3): Somehow we need to check that we're not sending too much
- * data
- */
-
switch (s->early_data_state) {
case SSL_EARLY_DATA_NONE:
- if (!SSL_in_before(s)) {
+ if (!SSL_in_before(s)
+ || s->session == NULL
+ || s->session->ext.max_early_data == 0) {
SSLerr(SSL_F_SSL_WRITE_EARLY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
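Review bot: The removed TODO asked for a check that not too much early data is sent, but the condition that replaces it only tests that `s->session->ext.max_early_data` is non-zero; nothing visible in this hunk compares the amount being written with that limit. If the limit is enforced elsewhere in this commit, a short comment here such as `/* bytes sent are checked against max_early_data in <enforcement site> */` would keep the invariant discoverable; if it is not, the running count still needs to be tracked before the write is allowed. The matching TODO on the read side is dropped earlier on the page without a visible replacement check. The function body continues outside the hunk.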
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+ /*
+ * Default max early data is a fully loaded single record. Could be split
+ * across multiple records in practice
+ */
+ ret->max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+
return ret;
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
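Review bot: Setting `ret->max_early_data = SSL3_RT_MAX_PLAIN_LENGTH` gives every new context a non-zero early-data limit, and the write-side check on this page treats a zero `max_early_data` on the session as "early data not allowed", so this default appears to turn early data on unless the application opts out. Early data has no replay protection from the protocol itself, so an opt-in default, `ret->max_early_data = 0;`, with applications that can tolerate replay raising it explicitly, would be the safer choice. How the field is consumed is outside the hunk, so confirm whether a server actually advertises this value by default. The comment could also state the unit of the limit (bytes of plaintext, judging by the constant).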
return 1;
}
-uint32_t SSL_CTX_get_max_early_data(SSL_CTX *ctx)
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
{
return ctx->max_early_data;
}
return 1;
}
-uint32_t SSL_get_max_early_data(SSL_CTX *s)
+uint32_t SSL_get_max_early_data(const SSL_CTX *s)
{
return s->max_early_data;
}
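Review bot: `SSL_get_max_early_data` is declared with a `const SSL_CTX *s` parameter, which makes it a duplicate of `SSL_CTX_get_max_early_data` just above and leaves no accessor that reads the limit from a connection object. Adding `const` was the moment to correct the type as well: `uint32_t SSL_get_max_early_data(const SSL *s)`, still returning `s->max_early_data`. This assumes `SSL` carries its own `max_early_data` field, which is not visible here; the header prototype and the documentation would need the same change.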