fix various issues
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6640708..e548a21 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -32,7 +32,6 @@
#error "mbed TLS requires a platform with 8-bit chars"
#endif
-/* Need std integer definition for checking max_early_data_size */
#include <stdint.h>
#if defined(_WIN32)
@@ -854,9 +853,9 @@
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE <= 0 ) || \
+ ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \
( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
-#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(1..UINT32_MAX)"
+#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index f33ce60..2172072 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1664,8 +1664,6 @@
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
*
-* Requires: MBEDTLS_SSL_MAX_EARLY_DATA_SIZE >= 0
-*
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
* is not enabled, this option does not have any effect on the build.
*
@@ -1678,9 +1676,13 @@
/**
* \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
*
- * The maximium amount of 0-RTT data(RFC8446 section 4.6.1).
- * It only works when MBEDTLS_SSL_EARLY_DATA is enabled and MUST be in range
- * 1...UINT32_MAX
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
*
* This feature is experimental, not completed and thus not ready for
* production.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index edc1a98..7ed735e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1524,14 +1524,12 @@
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement:
* - MBEDTLS_SSL_EARLY_DATA_DISABLED,
* - MBEDTLS_SSL_EARLY_DATA_ENABLED */
-#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- /* The maximium amount of 0-RTT data. RFC 8446 section 4.6.1 */
+ /* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */
uint32_t MBEDTLS_PRIVATE(max_early_data_size);
#endif /* MBEDTLS_SSL_SRV_C */
@@ -1951,7 +1949,6 @@
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
/**
* \brief Set the early data mode
* Default: disabled on server and client
@@ -1973,19 +1970,27 @@
*/
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
int early_data_enabled );
-#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
/**
- * \brief Set the max_early_data_size parameter.
+ * \brief Set the maximum amount of 0-RTT data in bytes
+ * Default: #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * This function sets the value of the max_early_data_size
+ * field of the early data indication extension included in
+ * the NewSessionTicket messages that the server may send.
+ *
+ * The value defines the maximum amount of 0-RTT data
+ * in bytes that a client will be allowed to send when using
+ * one of the tickets defined by the NewSessionTicket messages.
+ *
+ * \note When resuming a session using a ticket, if the server receives more
+ * early data than allowed for the ticket, it terminates the connection.
+ * The maximum amount of 0-RTT data should thus be large enough
+ * to allow a minimum of early data to be exchanged.
*
* \param[in] conf The SSL configuration to use.
* \param[in] max_early_data_size The maximum amount of 0-RTT data.
- * - 0 Disable 0-RTT feature.
- *
- * \note max_early_data_size MUST be smaller than
- * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Otherwise,
- * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE will be used.
*
* \warning This interface is experimental and may change without notice.
*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 14ffef2..227f884 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1699,13 +1699,11 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
int early_data_enabled )
{
conf->early_data_enabled = early_data_enabled;
}
-#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_tls13_conf_max_early_data_size(
