fix various issues

- disable reuse of max_early_data_size. - make conf_early_data available for server. - various comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-11-21 12:40:51 +03:00 · 2022-12-06 11:02:51 +08:00
parent 54dfcb7794
commit 12c46bd14f
4 changed files with 25 additions and 21 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1524,14 +1524,12 @@ struct mbedtls_ssl_config
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */

 #if defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
    int MBEDTLS_PRIVATE(early_data_enabled);     /*!< Early data enablement:
                                                  *   - MBEDTLS_SSL_EARLY_DATA_DISABLED,
                                                  *   - MBEDTLS_SSL_EARLY_DATA_ENABLED */
-#endif /* MBEDTLS_SSL_CLI_C */

 #if defined(MBEDTLS_SSL_SRV_C)
-    /* The maximium amount of 0-RTT data. RFC 8446 section 4.6.1 */
+    /* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */
    uint32_t MBEDTLS_PRIVATE(max_early_data_size);
 #endif /* MBEDTLS_SSL_SRV_C */

@@ -1951,7 +1949,6 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
-#if defined(MBEDTLS_SSL_CLI_C)
 /**
 * \brief    Set the early data mode
 *           Default: disabled on server and client
@@ -1973,19 +1970,27 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
 */
 void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
                                        int early_data_enabled );
-#endif /* MBEDTLS_SSL_CLI_C */

 #if defined(MBEDTLS_SSL_SRV_C)
 /**
- * \brief Set the max_early_data_size parameter.
+ * \brief Set the maximum amount of 0-RTT data in bytes
+ *        Default:  #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ *        This function sets the value of the max_early_data_size
+ *        field of the early data indication extension included in
+ *        the NewSessionTicket messages that the server may send.
+ *
+ *        The value defines the maximum amount of 0-RTT data
+ *        in bytes that a client will be allowed to send when using
+ *        one of the tickets defined by the NewSessionTicket messages.
+ *
+ * \note When resuming a session using a ticket, if the server receives more
+ *       early data than allowed for the ticket, it terminates the connection.
+ *       The maximum amount of 0-RTT data should thus be large enough
+ *       to allow a minimum of early data to be exchanged.
 *
 * \param[in] conf                  The SSL configuration to use.
 * \param[in] max_early_data_size   The maximum amount of 0-RTT data.
- *                                  - 0 Disable 0-RTT feature.
- *
- * \note    max_early_data_size MUST be smaller than
- *          MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Otherwise,
- *          MBEDTLS_SSL_MAX_EARLY_DATA_SIZE will be used.
 *
 * \warning This interface is experimental and may change without notice.
 *