fix various issues

- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

include/mbedtls/check_config.h

@@ -32,7 +32,6 @@
 #error "mbed TLS requires a platform with 8-bit chars"
 #endif
 
-/* Need std integer definition for checking max_early_data_size */
 #include <stdint.h>
 
 #if defined(_WIN32)
@@ -854,9 +853,9 @@
 
 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
     ( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)     || \
-      ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE <= 0 )      || \
+      ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 )       || \
       ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
-#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(1..UINT32_MAX)"
+#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)     && \

include/mbedtls/mbedtls_config.h

@@ -1664,8 +1664,6 @@
 *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
 *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 *
-* Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE >= 0
-*
 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
 * is not enabled, this option does not have any effect on the build.
 *
@@ -1678,9 +1676,13 @@
 /**
  * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
  *
- * The maximium amount of 0-RTT data(RFC8446 section 4.6.1).
+ * The default maximum amount of 0-RTT data. See the documentation of
- * It only works when MBEDTLS_SSL_EARLY_DATA is enabled and MUST be in range
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
- * 1...UINT32_MAX
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
  *
  * This feature is experimental, not completed and thus not ready for
  * production.

include/mbedtls/ssl.h

@@ -1524,14 +1524,12 @@ struct mbedtls_ssl_config
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
     int MBEDTLS_PRIVATE(early_data_enabled);     /*!< Early data enablement:
                                                   *   - MBEDTLS_SSL_EARLY_DATA_DISABLED,
                                                   *   - MBEDTLS_SSL_EARLY_DATA_ENABLED */
-#endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_SRV_C)
-    /* The maximium amount of 0-RTT data. RFC 8446 section 4.6.1 */
+    /* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */
     uint32_t MBEDTLS_PRIVATE(max_early_data_size);
 #endif /* MBEDTLS_SSL_SRV_C */
 
@@ -1951,7 +1949,6 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
 /**
 * \brief    Set the early data mode
 *           Default: disabled on server and client
@@ -1973,19 +1970,27 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
 */
 void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
                                         int early_data_enabled );
-#endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_SRV_C)
 /**
- * \brief Set the max_early_data_size parameter.
+ * \brief Set the maximum amount of 0-RTT data in bytes
+ *        Default:  #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ *        This function sets the value of the max_early_data_size
+ *        field of the early data indication extension included in
+ *        the NewSessionTicket messages that the server may send.
+ *
+ *        The value defines the maximum amount of 0-RTT data
+ *        in bytes that a client will be allowed to send when using
+ *        one of the tickets defined by the NewSessionTicket messages.
+ *
+ * \note When resuming a session using a ticket, if the server receives more
+ *       early data than allowed for the ticket, it terminates the connection.
+ *       The maximum amount of 0-RTT data should thus be large enough
+ *       to allow a minimum of early data to be exchanged.
  *
  * \param[in] conf                  The SSL configuration to use.
  * \param[in] max_early_data_size   The maximum amount of 0-RTT data.
- *                                  - 0 Disable 0-RTT feature.
- *
- * \note    max_early_data_size MUST be smaller than
- *          MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Otherwise,
- *          MBEDTLS_SSL_MAX_EARLY_DATA_SIZE will be used.
  *
  * \warning This interface is experimental and may change without notice.
  *

library/ssl_tls.c

@@ -1699,13 +1699,11 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
 }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
 void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
                                         int early_data_enabled )
 {
     conf->early_data_enabled = early_data_enabled;
 }
-#endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_SRV_C)
 void mbedtls_ssl_tls13_conf_max_early_data_size(