Add max_early_data_size into ticket

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-12 15:13:20 +08:00 · 2022-12-12 15:13:20 +08:00 · 02e3a074a3
commit 02e3a074a3
parent 9b0c8164eb
2 changed files with 22 additions and 0 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1252,6 +1252,10 @@ struct mbedtls_ssl_session {

 #endif /*  MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    uint32_t MBEDTLS_PRIVATE(max_early_data_size);          /*!< max_early_data_size of ticket */
+#endif
+
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    int MBEDTLS_PRIVATE(encrypt_then_mac);       /*!< flag for EtM activation                */
 #endif
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2466,6 +2466,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
 *       uint32 ticket_age_add;
 *       uint8 ticket_flags;
 *       opaque resumption_key<0..255>;
+ *       uint32 max_early_data_size;
 *       select ( endpoint ) {
 *            case client: ClientOnlyData;
 *            case server: uint64 start_time;
@ -2498,6 +2499,10 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
    }
    needed += session->resumption_key_len;  /* resumption_key */

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    needed += 4;                            /* max_early_data_size */
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME)
    needed += 8; /* start_time or ticket_received */
 #endif
@ -2537,6 +2542,11 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
    memcpy(p, session->resumption_key, session->resumption_key_len);
    p += session->resumption_key_len;

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0);
+    p += 4;
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
    if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
        MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0);
@ -2605,6 +2615,14 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session,
    memcpy(session->resumption_key, p, session->resumption_key_len);
    p += session->resumption_key_len;

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    if (end - p < 4) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+    session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0);
+    p += 4;
+#endif
+
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
    if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
        if (end - p < 8) {