fix various issues

- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-12-06 11:02:51 +08:00
parent 54dfcb7794
commit 12c46bd14f
4 changed files with 25 additions and 21 deletions

View file

@ -32,7 +32,6 @@
#error "mbed TLS requires a platform with 8-bit chars"
#endif
/* Need std integer definition for checking max_early_data_size */
#include <stdint.h>
#if defined(_WIN32)
@ -854,9 +853,9 @@
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE <= 0 ) || \
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(1..UINT32_MAX)"
#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \

View file

@ -1664,8 +1664,6 @@
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
*
* Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE >= 0
*
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
* is not enabled, this option does not have any effect on the build.
*
@ -1678,9 +1676,13 @@
/**
* \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
*
* The maximium amount of 0-RTT data(RFC8446 section 4.6.1).
* It only works when MBEDTLS_SSL_EARLY_DATA is enabled and MUST be in range
* 1...UINT32_MAX
* The default maximum amount of 0-RTT data. See the documentation of
* \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
*
* It must be positive and smaller than UINT32_MAX.
*
* If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
* have any impact on the build.
*
* This feature is experimental, not completed and thus not ready for
* production.

View file

@ -1524,14 +1524,12 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_SSL_EARLY_DATA)
#if defined(MBEDTLS_SSL_CLI_C)
int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement:
* - MBEDTLS_SSL_EARLY_DATA_DISABLED,
* - MBEDTLS_SSL_EARLY_DATA_ENABLED */
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
/* The maximium amount of 0-RTT data. RFC 8446 section 4.6.1 */
/* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */
uint32_t MBEDTLS_PRIVATE(max_early_data_size);
#endif /* MBEDTLS_SSL_SRV_C */
@ -1951,7 +1949,6 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
#if defined(MBEDTLS_SSL_CLI_C)
/**
* \brief Set the early data mode
* Default: disabled on server and client
@ -1973,19 +1970,27 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
*/
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
int early_data_enabled );
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
/**
* \brief Set the max_early_data_size parameter.
* \brief Set the maximum amount of 0-RTT data in bytes
* Default: #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
*
* This function sets the value of the max_early_data_size
* field of the early data indication extension included in
* the NewSessionTicket messages that the server may send.
*
* The value defines the maximum amount of 0-RTT data
* in bytes that a client will be allowed to send when using
* one of the tickets defined by the NewSessionTicket messages.
*
* \note When resuming a session using a ticket, if the server receives more
* early data than allowed for the ticket, it terminates the connection.
* The maximum amount of 0-RTT data should thus be large enough
* to allow a minimum of early data to be exchanged.
*
* \param[in] conf The SSL configuration to use.
* \param[in] max_early_data_size The maximum amount of 0-RTT data.
* - 0 Disable 0-RTT feature.
*
* \note max_early_data_size MUST be smaller than
* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Otherwise,
* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE will be used.
*
* \warning This interface is experimental and may change without notice.
*

View file

@ -1699,13 +1699,11 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
#if defined(MBEDTLS_SSL_CLI_C)
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
int early_data_enabled )
{
conf->early_data_enabled = early_data_enabled;
}
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_tls13_conf_max_early_data_size(