Enforce maximum size of early data in case of HRR

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_msg.c

@@ -4135,7 +4135,12 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
         if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
             MBEDTLS_SSL_DEBUG_MSG(
                 3, ("EarlyData: Ignore application message before 2nd ClientHello"));
-            /* TODO: Add max_early_data_size check here, see issue 6347 */
+
+            ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
+            if (ret != 0) {
+                return ret;
+            }
+
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) {
             ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;

tests/suites/test_suite_ssl.data

@@ -3327,3 +3327,12 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3
 
 TLS 1.3 srv, max early data size, server rejects, max=97
 tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:97
+
+TLS 1.3 srv, max early data size, HRR, default
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1
+
+TLS 1.3 srv, max early data size, HRR, max=3 (very small)
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3
+
+TLS 1.3 srv, max early data size, HRR, max=97
+tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97

tests/suites/test_suite_ssl.function

@@ -4463,6 +4463,11 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
     mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
+    uint16_t group_list[3] = {
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+    };
     char pattern[128];
     unsigned char buf_write[64];
     size_t early_data_len = sizeof(buf_write);
@@ -4484,8 +4489,10 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
      */
 
     client_options.pk_alg = MBEDTLS_PK_ECDSA;
+    client_options.group_list = group_list;
     client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
     server_options.pk_alg = MBEDTLS_PK_ECDSA;
+    server_options.group_list = group_list;
     server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
     server_options.max_early_data_size = max_early_data_size_arg;
 
@@ -4512,6 +4519,15 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
             mbedtls_debug_set_threshold(3);
             break;
 
+        case TEST_EARLY_DATA_HRR:
+            server_options.group_list = group_list + 1;
+            ret = mbedtls_snprintf(
+                pattern, sizeof(pattern),
+                "EarlyData: Ignore application message before 2nd ClientHello");
+            TEST_ASSERT(ret < (int) sizeof(pattern));
+            mbedtls_debug_set_threshold(3);
+            break;
+
         default:
             TEST_FAIL("Unknown scenario.");
     }
@@ -4595,7 +4611,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg)
                 }
                 break;
 
-            case TEST_EARLY_DATA_SERVER_REJECTS:
+            case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
+            case TEST_EARLY_DATA_HRR:
                 ret = mbedtls_ssl_handshake(&(server_ep.ssl));
                 /*
                  * Can be the case if max_early_data_size is smaller then the