Update early data doument and config dependencies

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-09 10:45:23 +00:00 · 2022-11-09 10:45:23 +00:00 · fe3483f9a1
commit fe3483f9a1
parent ae07cd995a
5 changed files with 10 additions and 29 deletions
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@ -119,10 +119,6 @@
 #undef MBEDTLS_SSL_EARLY_DATA
 #endif

-#if !defined(MBEDTLS_SSL_SESSION_TICKETS)
-#undef MBEDTLS_SSL_EARLY_DATA
-#endif
-
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
    defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -842,11 +842,8 @@
        "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
 #endif

-/* Early data requires PSK related mode defined */
-#if defined(MBEDTLS_SSL_EARLY_DATA) && \
-    ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
-      ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
-        !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
+/* Early data requires MBEDTLS_SSL_SESSION_TICKETS defined */
+#if defined(MBEDTLS_SSL_EARLY_DATA) && !defined(MBEDTLS_SSL_SESSION_TICKETS)
 #error "MBEDTLS_SSL_EARLY_DATA  defined, but not all prerequisites"
 #endif

--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@ -1637,15 +1637,12 @@
 *
 * Enable support for RFC 8446 TLS 1.3 early data.
 *
-* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
-*           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
-*           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+* Requires: MBEDTLS_SSL_SESSION_TICKETS
 *
 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
 * is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and
-* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled or
-* MBEDTLS_SSL_SESSION_TICKETS is not enabled, this option does not have any
-* effect on the build.
+* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled,
+* this option does not have any effect on the build.
 *
 * This feature is experimental, not completed and thus not ready for
 * production.
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -802,15 +802,6 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
 #endif

 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
-/* Define the status of early data.
- * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN : Initilized.
- * MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT: Have sent early data
- *  indication in client hello successfully.
- * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT: Have sent client hello without
- *  data indication.
- * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED: Server side reject the early data.
- * MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED: Server side accept the early data.
- */
 #define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN           0
 #define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT          1
 #define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT   2
@ -822,8 +813,8 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;

 typedef uint8_t mbedtls_ssl_tls13_ticket_flags;
 #define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION              ( 1u << 0 )
-#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION    ( 1u << 2 )
-#define MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION          ( 1u << 3 )
+#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION    ( 1u << 1 )
+#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA                  ( 1u << 2 )

 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 /**
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -707,7 +707,7 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl )
    return( ssl->handshake->resume &&
            session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
            ( session->ticket_flags &
-              MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ) &&
+              MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) &&
            mbedtls_ssl_tls13_cipher_suite_is_offered(
                ssl, session->ciphersuite ) );
 }
@ -1184,7 +1184,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
        p += ext_len;

        /* Initializes the status to `indication sent`. It will be updated to
-         * `accepted` or `rejected` depend on whether the EncryptedExtension
+         * `accepted` or `rejected` depending on whether the EncryptedExtension
         * message will contain an early data indication extension or not.
         */
        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
@ -2553,7 +2553,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
                if( ssl->session != NULL )
                {
                    ssl->session->ticket_flags |=
-                            MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION;
+                            MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
                }
                break;