Merge pull request #8884 from ronald-cron-arm/improve-early-data-status
TLS 1.3: CLI: Split early data user status and internal state
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0a2618a..39bea79 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -741,42 +741,12 @@
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
typedef enum {
/*
- * The client has not sent the first ClientHello yet, it is unknown if the
- * client will send an early data indication extension or not.
- */
- MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN,
-
-/*
* See documentation of mbedtls_ssl_get_early_data_status().
*/
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED,
MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED,
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED,
-
-/*
- * The client has sent an early data indication extension in its first
- * ClientHello, it has not received the response (ServerHello or
- * HelloRetryRequest) from the server yet. The transform to protect early data
- * is not set and early data cannot be sent yet.
- */
- MBEDTLS_SSL_EARLY_DATA_STATUS_SENT,
-
-/*
- * The client has sent an early data indication extension in its first
- * ClientHello, it has not received the response (ServerHello or
- * HelloRetryRequest) from the server yet. The transform to protect early data
- * has been set and early data can be written now.
- */
- MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE,
-
-/*
- * The client has sent an early data indication extension in its first
- * ClientHello, the server has accepted them and the client has received the
- * server Finished message. It cannot send early data to the server anymore.
- */
- MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED,
} mbedtls_ssl_early_data_status;
-
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
/**
@@ -1737,10 +1707,10 @@
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
/**
- * Status of the negotiation of the use of early data. Reset to
- * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN when the context is reset.
+ * State of the negotiation and transfer of early data. Reset to
+ * MBEDTLS_SSL_EARLY_DATA_STATE_IDLE when the context is reset.
*/
- mbedtls_ssl_early_data_status MBEDTLS_PRIVATE(early_data_status);
+ int MBEDTLS_PRIVATE(early_data_state);
#endif
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
@@ -5377,8 +5347,8 @@
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called
* prior to completion of the handshake.
*
- * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT if the client has
- * not indicated the use of early data to the server.
+ * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client
+ * has not indicated the use of early data to the server.
*
* \return #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED if the client has
* indicated the use of early data and the server has accepted
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index a8e3140..4889e77 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -23,6 +23,7 @@
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
const char *mbedtls_ssl_early_data_status_str(mbedtls_ssl_early_data_status in);
+const char *mbedtls_ssl_early_data_state_str(mbedtls_ssl_early_data_state in);
#endif
const char *mbedtls_ssl_protocol_version_str(mbedtls_ssl_protocol_version in);
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 883b988..2ec898b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2153,6 +2153,57 @@
int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl,
size_t early_data_len);
+
+typedef enum {
+/*
+ * The client has not sent the first ClientHello yet, the negotiation of early
+ * data has not started yet.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_IDLE,
+
+/*
+ * In its ClientHello, the client has not included an early data indication
+ * extension.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT,
+
+/*
+ * The client has sent an early data indication extension in its first
+ * ClientHello, it has not received the response (ServerHello or
+ * HelloRetryRequest) from the server yet. The transform to protect early data
+ * is not set either as for middlebox compatibility a dummy CCS may have to be
+ * sent in clear. Early data cannot be sent to the server yet.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT,
+
+/*
+ * The client has sent an early data indication extension in its first
+ * ClientHello, it has not received the response (ServerHello or
+ * HelloRetryRequest) from the server yet. The transform to protect early data
+ * has been set and early data can be written now.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE,
+
+/*
+ * The client has indicated the use of early data and the server has accepted
+ * it.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED,
+
+/*
+ * The client has indicated the use of early data but the server has rejected
+ * it.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED,
+
+/*
+ * The client has sent an early data indication extension in its first
+ * ClientHello, the server has accepted them and the client has received the
+ * server Finished message. It cannot send early data to the server anymore.
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED,
+
+} mbedtls_ssl_early_data_state;
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4949306..b07cd96 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -6097,21 +6097,21 @@
}
/*
- * If we are at the beginning of the handshake, the early data status being
- * equal to MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN or
- * MBEDTLS_SSL_EARLY_DATA_STATUS_SENT advance the handshake just
+ * If we are at the beginning of the handshake, the early data state being
+ * equal to MBEDTLS_SSL_EARLY_DATA_STATE_IDLE or
+ * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT advance the handshake just
* enough to be able to send early data if possible. That way, we can
* guarantee that when starting the handshake with this function we will
- * send at least one record of early data. Note that when the status is
- * MBEDTLS_SSL_EARLY_DATA_STATUS_SENT and not yet
- * MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE, we cannot send early data yet
+ * send at least one record of early data. Note that when the state is
+ * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT and not yet
+ * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data
* as the early data outbound transform has not been set as we may have to
* first send a dummy CCS in clear.
*/
- if ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) ||
- (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT)) {
- while ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) ||
- (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT)) {
+ if ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
+ (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
+ while ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) ||
+ (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) {
ret = mbedtls_ssl_handshake_step(ssl);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake_step", ret);
@@ -6133,8 +6133,8 @@
* it too much. If we reach a point where we can still send early data,
* then we will send some.
*/
- if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) &&
- (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) {
+ if ((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) &&
+ (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED)) {
return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA;
}
@@ -6152,8 +6152,8 @@
}
}
- if (((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) &&
- (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED))
+ if (((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) &&
+ (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED))
|| (remaining == 0)) {
return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1bfd180..681ccab 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1096,7 +1096,7 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
#if defined(MBEDTLS_SSL_CLI_C)
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IDLE;
#endif
#if defined(MBEDTLS_SSL_SRV_C)
ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 88d6c9e..bda77e4 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1181,12 +1181,12 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
/* In the first ClientHello, write the early data indication extension if
- * necessary and update the early data status.
+ * necessary and update the early data state.
* If an HRR has been received and thus we are currently writing the
* second ClientHello, the second ClientHello must not contain an early
- * data extension and the early data status must stay as it is:
- * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or
- * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED.
+ * data extension and the early data state must stay as it is:
+ * MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT or
+ * MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED.
*/
if (!ssl->handshake->hello_retry_request_flag) {
if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
@@ -1199,9 +1199,9 @@
}
p += ext_len;
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SENT;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT;
} else {
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT;
}
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1239,7 +1239,7 @@
size_t psk_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) {
+ if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Set hs psk for early data when writing the first psk"));
@@ -1302,7 +1302,7 @@
1, ("Switch to early data keys for outbound traffic"));
mbedtls_ssl_set_outbound_transform(
ssl, ssl->handshake->transform_earlydata);
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE;
#endif
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1919,7 +1919,7 @@
* cases we compute it here.
*/
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT ||
+ if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT ||
handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL)
#endif
@@ -1975,8 +1975,8 @@
ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id;
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+ if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) {
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED;
}
#endif
@@ -2238,9 +2238,10 @@
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
- } else if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED;
+ } else if (ssl->early_data_state !=
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) {
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED;
}
#endif
@@ -2324,16 +2325,16 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- switch (ssl->early_data_status) {
- case MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT:
- return MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
+ switch (ssl->early_data_state) {
+ case MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT:
+ return MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED;
break;
- case MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED:
+ case MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED:
return MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
break;
- case MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED:
+ case MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED:
return MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
break;
@@ -2604,8 +2605,8 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED;
+ if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED) {
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED;
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
} else
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -3123,7 +3124,7 @@
1, ("Switch to early data keys for outbound traffic"));
mbedtls_ssl_set_outbound_transform(
ssl, ssl->handshake->transform_earlydata);
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE;
+ ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE;
}
break;
#endif /* MBEDTLS_SSL_EARLY_DATA */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 486bbdd..0ecf65c 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3294,17 +3294,17 @@
TLS 1.3 read early data, discard after HRR
tls13_read_early_data:TEST_EARLY_DATA_HRR
-TLS 1.3 cli, early data status, early data accepted
-tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED
+TLS 1.3 cli, early data state, early data accepted
+tls13_cli_early_data_state:TEST_EARLY_DATA_ACCEPTED
-TLS 1.3 cli, early data status, no early data indication
-tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT
+TLS 1.3 cli, early data state, no early data indication
+tls13_cli_early_data_state:TEST_EARLY_DATA_NO_INDICATION_SENT
-TLS 1.3 cli, early data status, server rejects early data
-tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS
+TLS 1.3 cli, early data state, server rejects early data
+tls13_cli_early_data_state:TEST_EARLY_DATA_SERVER_REJECTS
-TLS 1.3 cli, early data status, hello retry request
-tls13_cli_early_data_status:TEST_EARLY_DATA_HRR
+TLS 1.3 cli, early data state, hello retry request
+tls13_cli_early_data_state:TEST_EARLY_DATA_HRR
TLS 1.3 write early data, early data accepted
tls13_write_early_data:TEST_EARLY_DATA_ACCEPTED
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index ca1135f..8cf2105 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3786,8 +3786,8 @@
(unsigned char *) early_data,
early_data_len);
- if (client_ep.ssl.early_data_status !=
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
+ if (client_ep.ssl.early_data_state !=
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) {
TEST_EQUAL(ret, early_data_len);
} else {
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
@@ -3838,7 +3838,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
-void tls13_cli_early_data_status(int scenario)
+void tls13_cli_early_data_state(int scenario)
{
int ret = -1;
mbedtls_test_ssl_endpoint client_ep, server_ep;
@@ -3951,17 +3951,17 @@
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_IDLE);
break;
case TEST_EARLY_DATA_HRR:
if (!client_ep.ssl.handshake->hello_retry_request_flag) {
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_IDLE);
} else {
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
}
break;
@@ -3974,22 +3974,22 @@
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_HRR:
if (!client_ep.ssl.handshake->hello_retry_request_flag) {
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
} else {
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
}
break;
@@ -4002,18 +4002,18 @@
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
default:
@@ -4024,19 +4024,19 @@
case MBEDTLS_SSL_SERVER_FINISHED:
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED);
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
default:
@@ -4046,26 +4046,26 @@
case MBEDTLS_SSL_END_OF_EARLY_DATA:
TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED);
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
default:
@@ -4076,19 +4076,19 @@
case MBEDTLS_SSL_CLIENT_FINISHED:
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
default:
@@ -4102,8 +4102,8 @@
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT);
break;
default:
@@ -4113,21 +4113,21 @@
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR);
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
switch (scenario) {
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
default:
@@ -4141,19 +4141,19 @@
case MBEDTLS_SSL_HANDSHAKE_OVER:
switch (scenario) {
case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
default:
@@ -4173,7 +4173,7 @@
break;
case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED);
break;
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
@@ -4654,8 +4654,8 @@
ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), buf, 1);
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
TEST_EQUAL(client_ep.ssl.total_early_data_size, max_early_data_size);
- TEST_EQUAL(client_ep.ssl.early_data_status,
- MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
+ TEST_EQUAL(client_ep.ssl.early_data_state,
+ MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
/*
* Now, check data on server side. It is not done in the previous loop as
@@ -4828,8 +4828,8 @@
&(client_ep.ssl), &(server_ep.ssl),
MBEDTLS_SSL_SERVER_HELLO), 0);
- TEST_ASSERT(client_ep.ssl.early_data_status !=
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+ TEST_ASSERT(client_ep.ssl.early_data_state !=
+ MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);