Merge pull request #6486 from xkqian/tls13_add_early_data_indication

The merge job of the internal CI ran successfully. This is good to go.
2026-04-04 14:08:39 +00:00 · 2022-11-17 12:48:50 +01:00 · 2022-11-17 12:48:50 +01:00 · d12922a69a
commit d12922a69a
parent 045158cac3 e9622ac4ba
10 changed files with 225 additions and 5 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -64,6 +64,7 @@ int main( void )
 #define DFL_KEY_OPAQUE          0
 #define DFL_KEY_PWD             ""
 #define DFL_PSK                 ""
+#define DFL_EARLY_DATA          MBEDTLS_SSL_EARLY_DATA_DISABLED
 #define DFL_PSK_OPAQUE          0
 #define DFL_PSK_IDENTITY        "Client_identity"
 #define DFL_ECJPAKE_PW          NULL
@ -344,6 +345,14 @@ int main( void )
 #define USAGE_SERIALIZATION ""
 #endif

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define USAGE_EARLY_DATA \
+    "    early_data=%%d        default: 0 (disabled)\n"      \
+    "                        options: 0 (disabled), 1 (enabled)\n"
+#else
+#define USAGE_EARLY_DATA ""
+#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
+
 #define USAGE_KEY_OPAQUE_ALGS \
    "    key_opaque_algs=%%s  Allowed opaque key algorithms.\n"                      \
    "                        comma-separated pair of values among the following:\n"    \
@ -422,6 +431,7 @@ int main( void )
    USAGE_REPRODUCIBLE                                      \
    USAGE_CURVES                                            \
    USAGE_SIG_ALGS                                          \
+    USAGE_EARLY_DATA                                        \
    USAGE_DHMLEN                                            \
    USAGE_KEY_OPAQUE_ALGS                                   \
    "\n"
@ -533,6 +543,9 @@ struct options
                                 * after renegotiation                      */
    int reproducible;           /* make communication reproducible          */
    int skip_close_notify;      /* skip sending the close_notify alert      */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    int early_data;             /* support for early data                   */
+#endif
    int query_config_mode;      /* whether to read config                   */
    int use_srtp;               /* Support SRTP                             */
    int force_srtp_profile;     /* SRTP protection profile to use or all    */
@ -932,6 +945,9 @@ int main( int argc, char *argv[] )
    opt.alpn_string         = DFL_ALPN_STRING;
    opt.curves              = DFL_CURVES;
    opt.sig_algs            = DFL_SIG_ALGS;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    opt.early_data          = DFL_EARLY_DATA;
+#endif
    opt.transport           = DFL_TRANSPORT;
    opt.hs_to_min           = DFL_HS_TO_MIN;
    opt.hs_to_max           = DFL_HS_TO_MAX;
@ -1189,7 +1205,24 @@ int main( int argc, char *argv[] )
                default: goto usage;
            }
        }
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+        else if( strcmp( p, "early_data" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0:
+                    opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+                    break;
+                case 1:
+                    opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+                    break;
+                default: goto usage;
+            }
+        }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
        else if( strcmp( p, "tls13_kex_modes" ) == 0 )
        {
            if( strcmp( q, "psk" ) == 0 )
@ -2091,6 +2124,10 @@ int main( int argc, char *argv[] )
    if( opt.max_version != DFL_MAX_VERSION )
        mbedtls_ssl_conf_max_tls_version( &conf, opt.max_version );

+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    mbedtls_ssl_tls13_conf_early_data( &conf, opt.early_data );
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
    if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned -0x%x\n\n",