From 02e3a074a35cb1cc0e2319f160e17013a7a40062 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Mon, 12 Dec 2022 15:13:20 +0800
Subject: [PATCH 1/5] Add max_early_data_size into ticket

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 include/mbedtls/ssl.h |  4 ++++
 library/ssl_tls.c     | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index debb1cc2c1..ad5fbc57ac 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1252,6 +1252,10 @@ struct mbedtls_ssl_session {
 
 #endif /*  MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    uint32_t MBEDTLS_PRIVATE(max_early_data_size);          /*!< max_early_data_size of ticket */
+#endif
+
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     int MBEDTLS_PRIVATE(encrypt_then_mac);       /*!< flag for EtM activation                */
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d3a7ddb42f..2c88da59b3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2466,6 +2466,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
  *       uint32 ticket_age_add;
  *       uint8 ticket_flags;
  *       opaque resumption_key<0..255>;
+ *       uint32 max_early_data_size;
  *       select ( endpoint ) {
  *            case client: ClientOnlyData;
  *            case server: uint64 start_time;
@@ -2498,6 +2499,10 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
     }
     needed += session->resumption_key_len;  /* resumption_key */
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    needed += 4;                            /* max_early_data_size */
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME)
     needed += 8; /* start_time or ticket_received */
 #endif
@@ -2537,6 +2542,11 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
     memcpy(p, session->resumption_key, session->resumption_key_len);
     p += session->resumption_key_len;
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0);
+    p += 4;
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
     if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
         MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0);
@@ -2605,6 +2615,14 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session,
     memcpy(session->resumption_key, p, session->resumption_key_len);
     p += session->resumption_key_len;
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    if (end - p < 4) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+    session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0);
+    p += 4;
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
     if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
         if (end - p < 8) {

From 33bf240e53447d92269e2e8670d595bff1fca7a6 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Mon, 12 Dec 2022 16:01:43 +0800
Subject: [PATCH 2/5] Add max_early_data_size into copy list

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_tls13_server.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b8201f086e..3e6c0385dc 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -467,6 +467,10 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
     }
     memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len);
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    dst->max_early_data_size = src->max_early_data_size;
+#endif
+
     return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */

From 34e9516cb69225c0e50c8257f1461c5aaf63d0b4 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Mon, 12 Dec 2022 15:14:56 +0800
Subject: [PATCH 3/5] Add unit test for max_early_data_size of ticket

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 tests/src/test_helpers/ssl_helpers.c | 4 ++++
 tests/suites/test_suite_ssl.function | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 5c305cb0a0..a55d067010 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1638,6 +1638,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
     session->resumption_key_len = 32;
     memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    session->max_early_data_size = 0x87654321;
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME)
     if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
         session->start = mbedtls_time(NULL) - 42;
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index eb2407d2e5..07f1d97efc 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2042,6 +2042,12 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file,
                                restored.resumption_key,
                                original.resumption_key_len) == 0);
         }
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+        TEST_ASSERT(
+            original.max_early_data_size == restored.max_early_data_size);
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
         if (endpoint_type == MBEDTLS_SSL_IS_SERVER) {
             TEST_ASSERT(original.start == restored.start);

From 6c485dad44d66d15db34d233db8ea5a96de1198c Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Wed, 15 Nov 2023 10:18:47 +0800
Subject: [PATCH 4/5] improve document

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 include/mbedtls/ssl.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ad5fbc57ac..8e187dd49c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1253,7 +1253,7 @@ struct mbedtls_ssl_session {
 #endif /*  MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    uint32_t MBEDTLS_PRIVATE(max_early_data_size);          /*!< max_early_data_size of ticket */
+    uint32_t MBEDTLS_PRIVATE(max_early_data_size);          /*!< maximum amount of early data in tickets */
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@@ -2042,6 +2042,10 @@ void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
  *
  * \warning This interface is experimental and may change without notice.
  *
+ * \warning This interface DOES NOT influence/limit the amount of early data
+ *          that can be received with tickets that were previously created and
+ *          emitted and that clients may have stored.
+ *
  */
 void mbedtls_ssl_tls13_conf_max_early_data_size(
     mbedtls_ssl_config *conf, uint32_t max_early_data_size);

From fedaeb21b34b21adb8ae8818d758d3c706e3a4ea Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Wed, 15 Nov 2023 13:59:07 +0800
Subject: [PATCH 5/5] improve document

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 include/mbedtls/ssl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8e187dd49c..07a74a4908 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2043,8 +2043,8 @@ void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
  * \warning This interface is experimental and may change without notice.
  *
  * \warning This interface DOES NOT influence/limit the amount of early data
- *          that can be received with tickets that were previously created and
- *          emitted and that clients may have stored.
+ *          that can be received through previously created and issued tickets,
+ *          which clients may have stored.
  *
  */
 void mbedtls_ssl_tls13_conf_max_early_data_size(