diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 7f5558087..66407083d 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -32,6 +32,9 @@
 #error "mbed TLS requires a platform with 8-bit chars"
 #endif
+/* Need std integer definition for checking max_early_data_size */
+#include
+
 #if defined(_WIN32)
 #if !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_C is required on Windows"
@@ -849,6 +852,13 @@
 #error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
+ ( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
+ ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE <= 0 ) || \
+ ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
+#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(1..UINT32_MAX)"
+#endif
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index c719073c2..f33ce60b7 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1664,6 +1664,8 @@
 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 *
+* Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE >= 0
+*
 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
 * is not enabled, this option does not have any effect on the build.
 *
@@ -1673,6 +1675,19 @@
 */
 //#define MBEDTLS_SSL_EARLY_DATA
+/**
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * The maximium amount of 0-RTT data(RFC8446 section 4.6.1).
+ * It only works when MBEDTLS_SSL_EARLY_DATA is enabled and MUST be in range
+ * 1...UINT32_MAX
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+
 /**
 * \def MBEDTLS_SSL_PROTO_DTLS
 *
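Review bot: In check_config.h, hunk `@@ -32,6 +32,9 @@`, the added `#include` line shows no header name on this page, and a bare `#include` would not compile. The comment above it and the later comparison against `UINT32_MAX` suggest `<stdint.h>` was intended and that the angle-bracketed name was lost when the page was rendered; confirm against the repository before relying on this text.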
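Review bot: In check_config.h, hunk `@@ -849,6 +852,13 @@`, the new guard accepts every value up to `UINT32_MAX`, so it only proves the setting fits a 32-bit `max_early_data_size` field and says nothing about whether the limit is sensible for a given server. 0-RTT data can be replayed and arrives before the handshake has finished, so the value is an exposure and resource limit that each deployment should choose deliberately; a comment above the `#if` such as `/* Range check only: the wire field is 32 bits; choose the real limit per deployment. */` would make that explicit. The `!defined(...)` arm also makes the macro mandatory for server builds with early data enabled; if no fallback default exists outside mbedtls_config.h (not visible in this diff), custom configuration files that enable early data would stop building.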
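Review bot: In mbedtls_config.h, hunk `@@ -1664,6 +1664,8 @@`, the added `Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE >= 0` line disagrees with the check added to check_config.h in this same commit, which rejects `<= 0` and is only active when `MBEDTLS_SSL_SRV_C` is defined. The two added lines also appear to start with `*` directly, whereas the other comment lines on this page carry a space before the `*`. Suggested wording: ` * Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE in 1..UINT32_MAX (when MBEDTLS_SSL_SRV_C is enabled)`. The comment block this hunk edits begins and ends outside the hunk.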
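Review bot: In mbedtls_config.h, hunk `@@ -1673,6 +1675,19 @@`, the new documentation block does not state the unit, which side the limit applies to, or that the macro is now defined in the default configuration even though `MBEDTLS_SSL_EARLY_DATA` stays commented out. RFC 8446 section 4.6.1 defines `max_early_data_size` in bytes as the amount of 0-RTT data a client may send with a ticket, and the build check in this commit applies only to server builds; if the server advertises this value in its tickets, the first sentence could read `The maximum amount of 0-RTT data, in bytes, that a server allows per ticket (RFC 8446 section 4.6.1).`. That wording would also fix the `maximium` typo and the missing space in `data(RFC8446`. Because early data is replayable, a sentence advising integrators to keep the value as small as the application needs would be a useful addition.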