mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-29 04:20:12 +00:00
Update early data doument and config dependencies
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian
parent
ae07cd995a
commit
fe3483f9a1
@ -119,10 +119,6 @@
|
|||||||
#undef MBEDTLS_SSL_EARLY_DATA
|
#undef MBEDTLS_SSL_EARLY_DATA
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_SESSION_TICKETS)
|
|
||||||
#undef MBEDTLS_SSL_EARLY_DATA
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
|
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
|
||||||
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
|
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
|
||||||
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
|
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
|
||||||
|
|||||||
@ -842,11 +842,8 @@
|
|||||||
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Early data requires PSK related mode defined */
|
/* Early data requires MBEDTLS_SSL_SESSION_TICKETS defined */
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && \
|
#if defined(MBEDTLS_SSL_EARLY_DATA) && !defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
|
|
||||||
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
|
|
||||||
!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
|
|
||||||
#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -1637,15 +1637,12 @@
|
|||||||
*
|
*
|
||||||
* Enable support for RFC 8446 TLS 1.3 early data.
|
* Enable support for RFC 8446 TLS 1.3 early data.
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
|
* Requires: MBEDTLS_SSL_SESSION_TICKETS
|
||||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
|
||||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
||||||
*
|
*
|
||||||
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
* is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and
|
* is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and
|
||||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled or
|
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled,
|
||||||
* MBEDTLS_SSL_SESSION_TICKETS is not enabled, this option does not have any
|
* this option does not have any effect on the build.
|
||||||
* effect on the build.
|
|
||||||
*
|
*
|
||||||
* This feature is experimental, not completed and thus not ready for
|
* This feature is experimental, not completed and thus not ready for
|
||||||
* production.
|
* production.
|
||||||
|
|||||||
@ -802,15 +802,6 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
/* Define the status of early data.
|
|
||||||
* MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN : Initilized.
|
|
||||||
* MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT: Have sent early data
|
|
||||||
* indication in client hello successfully.
|
|
||||||
* MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT: Have sent client hello without
|
|
||||||
* data indication.
|
|
||||||
* MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED: Server side reject the early data.
|
|
||||||
* MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED: Server side accept the early data.
|
|
||||||
*/
|
|
||||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
|
#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
|
||||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
|
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
|
||||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2
|
#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2
|
||||||
@ -822,8 +813,8 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
|
|||||||
|
|
||||||
typedef uint8_t mbedtls_ssl_tls13_ticket_flags;
|
typedef uint8_t mbedtls_ssl_tls13_ticket_flags;
|
||||||
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION ( 1u << 0 )
|
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION ( 1u << 0 )
|
||||||
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 2 )
|
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 1 )
|
||||||
#define MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ( 1u << 3 )
|
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1u << 2 )
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -707,7 +707,7 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl )
|
|||||||
return( ssl->handshake->resume &&
|
return( ssl->handshake->resume &&
|
||||||
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
|
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
|
||||||
( session->ticket_flags &
|
( session->ticket_flags &
|
||||||
MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ) &&
|
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) &&
|
||||||
mbedtls_ssl_tls13_cipher_suite_is_offered(
|
mbedtls_ssl_tls13_cipher_suite_is_offered(
|
||||||
ssl, session->ciphersuite ) );
|
ssl, session->ciphersuite ) );
|
||||||
}
|
}
|
||||||
@ -1184,7 +1184,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
|
|||||||
p += ext_len;
|
p += ext_len;
|
||||||
|
|
||||||
/* Initializes the status to `indication sent`. It will be updated to
|
/* Initializes the status to `indication sent`. It will be updated to
|
||||||
* `accepted` or `rejected` depend on whether the EncryptedExtension
|
* `accepted` or `rejected` depending on whether the EncryptedExtension
|
||||||
* message will contain an early data indication extension or not.
|
* message will contain an early data indication extension or not.
|
||||||
*/
|
*/
|
||||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
|
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
|
||||||
@ -2553,7 +2553,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
|
|||||||
if( ssl->session != NULL )
|
if( ssl->session != NULL )
|
||||||
{
|
{
|
||||||
ssl->session->ticket_flags |=
|
ssl->session->ticket_flags |=
|
||||||
MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION;
|
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user