Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory
Internal and Open CI merge job ran successfully. Good to go.
This commit is contained in:
Ronald Cron
GitHub
commit
77e15e8a2c
5 changed files with 66 additions and 0 deletions
|
|
@ -112,6 +112,7 @@
|
|||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
#undef MBEDTLS_SSL_EARLY_DATA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
|
||||
|
|
|
|||
|
|
@ -842,6 +842,13 @@
|
|||
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
||||
#endif
|
||||
|
||||
/* Early data requires PSK related mode defined */
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && \
|
||||
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED))
|
||||
#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
|
||||
|
|
|
|||
|
|
@ -1632,6 +1632,23 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_EARLY_DATA
|
||||
*
|
||||
* Enable support for RFC 8446 TLS 1.3 early data.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
*
|
||||
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
||||
* is not enabled, this option does not have any effect on the build.
|
||||
*
|
||||
* This feature is experimental, not completed and thus not ready for
|
||||
* production.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_DTLS
|
||||
*
|
||||
|
|
|
|||
|
|
@ -329,6 +329,9 @@
|
|||
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
|
||||
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
|
||||
|
||||
#define MBEDTLS_SSL_EARLY_DATA_DISABLED 0
|
||||
#define MBEDTLS_SSL_EARLY_DATA_ENABLED 1
|
||||
|
||||
#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
|
||||
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
|
||||
|
||||
|
|
@ -1496,6 +1499,12 @@ struct mbedtls_ssl_config
|
|||
* is not \c 0. */
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement:
|
||||
* - MBEDTLS_SSL_EARLY_DATA_DISABLED,
|
||||
* - MBEDTLS_SSL_EARLY_DATA_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
|
||||
#endif
|
||||
|
|
@ -1905,6 +1914,30 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
|
|||
*/
|
||||
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
/**
|
||||
* \brief Set the early data mode
|
||||
* Default: disabled on server and client
|
||||
*
|
||||
* \param conf The SSL configuration to use.
|
||||
* \param early_data_enabled can be:
|
||||
*
|
||||
* MBEDTLS_SSL_EARLY_DATA_DISABLED: early data functionality is disabled
|
||||
* This is the default on client and server.
|
||||
*
|
||||
* MBEDTLS_SSL_EARLY_DATA_ENABLED: early data functionality is enabled and
|
||||
* may be negotiated in the handshake. Application using
|
||||
* early data functionality needs to be aware of the
|
||||
* lack of replay protection of the early data application
|
||||
* payloads.
|
||||
*
|
||||
* \warning This interface is experimental and may change without notice.
|
||||
*
|
||||
*/
|
||||
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
|
||||
int early_data_enabled );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Set the verification callback (Optional).
|
||||
|
|
|
|||
|
|
@ -1427,6 +1427,14 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
|
|||
{
|
||||
conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
|
||||
int early_data_enabled )
|
||||
{
|
||||
conf->early_data_enabled = early_data_enabled;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
|
|
|||
Loading…
Reference in a new issue