Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 7854a4e01947adb30c5d7613f63082e505dfcfad^! / .
commit7854a4e01947adb30c5d7613f63082e505dfcfad[log] [tgz]
authorJerry Yu <jerry.h.yu@arm.com>Sat Nov 05 23:14:47 2022 +0800
committerJerry Yu <jerry.h.yu@arm.com>Thu Dec 01 23:11:48 2022 +0800
treea7ad61e66fb7f34d38b94672b7802e236c16f477
parentcc4e007ff6de20825b8c2234bdf6a5a61e1f5a0e [diff]
Add max_early_data_size option for ssl_sever2

- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 69e6b81..dec50ee 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -129,6 +129,7 @@
 #define DFL_SNI                 NULL
 #define DFL_ALPN_STRING         NULL
 #define DFL_CURVES              NULL
+#define DFL_MAX_EARLY_DATA_SIZE 0
 #define DFL_SIG_ALGS            NULL
 #define DFL_DHM_FILE            NULL
 #define DFL_TRANSPORT           MBEDTLS_SSL_TRANSPORT_STREAM
@@ -424,6 +425,16 @@
 #define USAGE_ECJPAKE ""
 #endif
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define USAGE_EARLY_DATA \
+    "    max_early_data_size=%%d default: 0 (disabled)\n"             \
+    "                            options: 0     (disabled), "           \
+    "                                     -1    (enabled, builtin max size), " \
+    "                                     n > 0 (enabled, max amount data for 0-RTT )\n"
+#else
+#define USAGE_EARLY_DATA ""
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_ECP_C)
 #define USAGE_CURVES \
     "    curves=a,b,c,d      default: \"default\" (library default)\n"  \
@@ -680,6 +691,7 @@
     const char *cid_val_renego; /* the CID to use for incoming messages
                                  * after renegotiation                      */
     int reproducible;           /* make communication reproducible          */
+    uint32_t max_early_data_size; /* max amount early data                   */
     int query_config_mode;      /* whether to read config                   */
     int use_srtp;               /* Support SRTP                             */
     int force_srtp_profile;     /* SRTP protection profile to use or all    */
@@ -1695,6 +1707,7 @@
     opt.sni                 = DFL_SNI;
     opt.alpn_string         = DFL_ALPN_STRING;
     opt.curves              = DFL_CURVES;
+    opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
     opt.sig_algs            = DFL_SIG_ALGS;
     opt.dhm_file            = DFL_DHM_FILE;
     opt.transport           = DFL_TRANSPORT;
@@ -1891,6 +1904,12 @@
         else if( strcmp( p, "sig_algs" ) == 0 )
             opt.sig_algs = q;
 #endif
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+        else if( strcmp( p, "max_early_data_size" ) == 0 )
+        {
+            opt.max_early_data_size = atoi( q );
+        }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
         else if( strcmp( p, "renegotiation" ) == 0 )
         {
             opt.renegotiation = (atoi( q )) ?
@@ -2886,6 +2905,10 @@
     if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
         mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    mbedtls_ssl_tls13_conf_max_early_data_size( &conf, opt.max_early_data_size );
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
     /* exercise setting DN hints for server certificate request
      * (Intended for use where the client cert expected has been signed by