Don't issue early data capable tickets in DTLS 1.3.

Our DTLS 1.3 implementation doesn't support early data right now, so we
shouldn't issue tickets that indicate we support it, even if early data
is enabled via SSL_(CTX_)set_early_data_enabled.

Bug: 42290594
Change-Id: I0f7f8ca05b45a6b40bf63ba77ab3c0a73df2ae44
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/72667
Commit-Queue: Nick Harper <nharper@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Auto-Submit: Nick Harper <nharper@chromium.org>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 06f90f4..e31c532 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1376,7 +1376,7 @@
 
 static bssl::UniquePtr<SSL_CTX> CreateContextWithTestCertificate(
     const SSL_METHOD *method) {
-  bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+  bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(method));
   bssl::UniquePtr<X509> cert = GetTestCertificate();
   bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
   if (!ctx || !cert || !key ||
@@ -9754,5 +9754,32 @@
   EXPECT_NE(SSL_get0_peer_certificates(client.get()), nullptr);
 }
 
+TEST(SSLTest, EarlyDataDisabledInDTLS13) {
+  // Set up some 0-RTT-enabled contexts.
+  bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(DTLS_method()));
+  bssl::UniquePtr<SSL_CTX> server_ctx =
+      CreateContextWithTestCertificate(DTLS_method());
+  ASSERT_TRUE(client_ctx);
+  ASSERT_TRUE(server_ctx);
+
+  SSL_CTX_set_early_data_enabled(client_ctx.get(), true);
+  SSL_CTX_set_early_data_enabled(server_ctx.get(), true);
+  SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
+  SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
+  ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(),
+                                            DTLS1_3_EXPERIMENTAL_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(),
+                                            DTLS1_3_EXPERIMENTAL_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(),
+                                            DTLS1_3_EXPERIMENTAL_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(),
+                                            DTLS1_3_EXPERIMENTAL_VERSION));
+
+  bssl::UniquePtr<SSL_SESSION> session =
+      CreateClientSession(client_ctx.get(), server_ctx.get());
+  ASSERT_TRUE(session);
+  EXPECT_FALSE(SSL_SESSION_early_data_capable(session.get()));
+}
+
 }  // namespace
 BSSL_NAMESPACE_END
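Review bot: EarlyDataDisabledInDTLS13 only asserts the negative case, so a regression that stopped issuing early-data-capable tickets for every protocol would still pass it. A positive control with the same setup but `TLS_method()` and `TLS1_3_VERSION`, ending in `EXPECT_TRUE(SSL_SESSION_early_data_capable(session.get()));`, would pin that the `!SSL_is_dtls` gate is what disables the ticket capability rather than the 0-RTT configuration itself. The test's comment could also say why: `// DTLS 1.3 does not support 0-RTT yet, so the server must not advertise it in tickets.`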
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 65232f0..a8b0c8b 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -152,9 +152,12 @@
       return false;
     }
     session->ticket_age_add_valid = true;
+    // TODO(crbug.com/42290594): Remove the SSL_is_dtls check once we support
+    // 0-RTT for DTLS 1.3.
     bool enable_early_data =
         ssl->enable_early_data &&
-        (!ssl->quic_method || !ssl->config->quic_early_data_context.empty());
+        (!ssl->quic_method || !ssl->config->quic_early_data_context.empty()) &&
+        !SSL_is_dtls(ssl);
     if (enable_early_data) {
       // QUIC does not use the max_early_data_size parameter and always sets it
       // to a fixed value. See RFC 9001, section 4.6.1.
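Review bot: The new `!SSL_is_dtls(ssl)` term gates only ticket issuance on the server, so a DTLS 1.3 client handed an early-data-capable session by a different implementation would presumably still see `enable_early_data` set and could attempt 0-RTT; confirm the client-side offer path has a matching DTLS check, or note in the TODO that the client is covered elsewhere. The enclosing function starts before this hunk, and the TODO might also record which behavior is expected until support lands, e.g. `// DTLS 1.3 sessions are never marked early-data-capable; the client must not attempt 0-RTT on them.`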