fix various issues
- disable reuse of max_early_data_size. - make conf_early_data available for server. - various comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
54dfcb7794
commit
12c46bd14f
4 changed files with 25 additions and 21 deletions
|
@ -32,7 +32,6 @@
|
|||
#error "mbed TLS requires a platform with 8-bit chars"
|
||||
#endif
|
||||
|
||||
/* Need std integer definition for checking max_early_data_size */
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
@ -854,9 +853,9 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
|
||||
( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
|
||||
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE <= 0 ) || \
|
||||
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \
|
||||
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
|
||||
#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(1..UINT32_MAX)"
|
||||
#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
|
|
|
@ -1664,8 +1664,6 @@
|
|||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE >= 0
|
||||
*
|
||||
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
||||
* is not enabled, this option does not have any effect on the build.
|
||||
*
|
||||
|
@ -1678,9 +1676,13 @@
|
|||
/**
|
||||
* \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
||||
*
|
||||
* The maximium amount of 0-RTT data(RFC8446 section 4.6.1).
|
||||
* It only works when MBEDTLS_SSL_EARLY_DATA is enabled and MUST be in range
|
||||
* 1...UINT32_MAX
|
||||
* The default maximum amount of 0-RTT data. See the documentation of
|
||||
* \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
|
||||
*
|
||||
* It must be positive and smaller than UINT32_MAX.
|
||||
*
|
||||
* If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
|
||||
* have any impact on the build.
|
||||
*
|
||||
* This feature is experimental, not completed and thus not ready for
|
||||
* production.
|
||||
|
|
|
@ -1524,14 +1524,12 @@ struct mbedtls_ssl_config
|
|||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement:
|
||||
* - MBEDTLS_SSL_EARLY_DATA_DISABLED,
|
||||
* - MBEDTLS_SSL_EARLY_DATA_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/* The maximium amount of 0-RTT data. RFC 8446 section 4.6.1 */
|
||||
/* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */
|
||||
uint32_t MBEDTLS_PRIVATE(max_early_data_size);
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
|
@ -1951,7 +1949,6 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
|
|||
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Set the early data mode
|
||||
* Default: disabled on server and client
|
||||
|
@ -1973,19 +1970,27 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
|
|||
*/
|
||||
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
|
||||
int early_data_enabled );
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/**
|
||||
* \brief Set the max_early_data_size parameter.
|
||||
* \brief Set the maximum amount of 0-RTT data in bytes
|
||||
* Default: #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
||||
*
|
||||
* This function sets the value of the max_early_data_size
|
||||
* field of the early data indication extension included in
|
||||
* the NewSessionTicket messages that the server may send.
|
||||
*
|
||||
* The value defines the maximum amount of 0-RTT data
|
||||
* in bytes that a client will be allowed to send when using
|
||||
* one of the tickets defined by the NewSessionTicket messages.
|
||||
*
|
||||
* \note When resuming a session using a ticket, if the server receives more
|
||||
* early data than allowed for the ticket, it terminates the connection.
|
||||
* The maximum amount of 0-RTT data should thus be large enough
|
||||
* to allow a minimum of early data to be exchanged.
|
||||
*
|
||||
* \param[in] conf The SSL configuration to use.
|
||||
* \param[in] max_early_data_size The maximum amount of 0-RTT data.
|
||||
* - 0 Disable 0-RTT feature.
|
||||
*
|
||||
* \note max_early_data_size MUST be smaller than
|
||||
* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Otherwise,
|
||||
* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE will be used.
|
||||
*
|
||||
* \warning This interface is experimental and may change without notice.
|
||||
*
|
||||
|
|
|
@ -1699,13 +1699,11 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
|
||||
int early_data_enabled )
|
||||
{
|
||||
conf->early_data_enabled = early_data_enabled;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
void mbedtls_ssl_tls13_conf_max_early_data_size(
|
||||
|
|
Loading…
Reference in a new issue