commit 3c2b21ed0e182586caab4954517149f5ca44a147
author Jerry Yu <jerry.h.yu@arm.com> Wed Feb 08 16:39:13 2023 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Wed Dec 06 18:14:56 2023 +0800
tree fabbb46827f206ccf95641965cea77a0e1681cce
parent fceddb310e740605b389cf97035b8d9303fb4b58

Enable multi max_early_data_size value for connections

For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c96128b..4ef2494 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -122,7 +122,7 @@
 #define DFL_SNI                 NULL
 #define DFL_ALPN_STRING         NULL
 #define DFL_GROUPS              NULL
-#define DFL_MAX_EARLY_DATA_SIZE 0
+#define DFL_MAX_EARLY_DATA_SIZE NULL
 #define DFL_SIG_ALGS            NULL
 #define DFL_DHM_FILE            NULL
 #define DFL_TRANSPORT           MBEDTLS_SSL_TRANSPORT_STREAM
@@ -427,11 +427,15 @@
 #define USAGE_ECJPAKE ""
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
+#define ARRAY_LENGTH(a) (sizeof(a)/sizeof(a[0]))
 #if defined(MBEDTLS_SSL_EARLY_DATA)
+
 #define USAGE_EARLY_DATA \
-    "    max_early_data_size=%%d default: -1 (disabled)\n"             \
-    "                            options: -1 (disabled), "           \
-    "                                     >= 0 (enabled, max amount of early data )\n"
+    "    max_early_data_size=%%d default: -1 (disabled)\n"              \
+    "                            The max amount of 0-RTT data for 1st and 2nd connection\n" \
+    "                            format:  1st_connection_value[,2nd_connection_value]\n" \
+    "                            available values:  < 0 (disabled), >= 0 (enabled).\n"             \
+    "                                               The absolute value is the max amount of 0-RTT data.\n"
 #else
 #define USAGE_EARLY_DATA ""
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -556,6 +560,7 @@
     USAGE_GROUPS                                            \
     USAGE_SIG_ALGS                                          \
     USAGE_KEY_OPAQUE_ALGS                                   \
+    USAGE_EARLY_DATA                                        \
     "\n"
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -693,7 +698,7 @@
     const char *cid_val_renego; /* the CID to use for incoming messages
                                  * after renegotiation                      */
     int reproducible;           /* make communication reproducible          */
-    uint32_t max_early_data_size; /* max amount of early data               */
+    const char *max_early_data_size; /* max amount list of early data         */
     int query_config_mode;      /* whether to read config                   */
     int use_srtp;               /* Support SRTP                             */
     int force_srtp_profile;     /* SRTP protection profile to use or all    */
@@ -1609,7 +1614,9 @@
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+    long long max_early_data_size_list[2];
+    size_t max_early_data_size_count = 0;
+    size_t tls13_connection_counter = 0;
 #endif
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
     mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
@@ -1979,12 +1986,23 @@
 #endif
 #if defined(MBEDTLS_SSL_EARLY_DATA)
         else if (strcmp(p, "max_early_data_size") == 0) {
-            long long value = atoll(q);
-            tls13_early_data_enabled =
-                value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED :
-                MBEDTLS_SSL_EARLY_DATA_DISABLED;
-            if (tls13_early_data_enabled) {
-                opt.max_early_data_size = atoi(q);
+            char *endptr, *str;
+            opt.max_early_data_size = q;
+            str = endptr = q;
+            for (size_t early_data_size_iter = 0;
+                 early_data_size_iter < ARRAY_LENGTH(max_early_data_size_list);
+                 early_data_size_iter++) {
+                long long value = strtoll(str, &endptr, 0);
+                if (str == endptr || (*endptr != ',' && *endptr != '\0')) {
+                    mbedtls_printf("fail\n illegal digital number for max_early_data_size %s\n",
+                                   endptr);
+                    goto exit;
+                }
+                max_early_data_size_list[max_early_data_size_count++] = value;
+                if (*endptr == '\0') {
+                    break;
+                }
+                str = endptr + 1;
             }
         }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -2806,14 +2824,6 @@
         mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list);
     }
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-    mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled);
-    if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
-        mbedtls_ssl_conf_max_early_data_size(
-            &conf, opt.max_early_data_size);
-    }
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
     /* exercise setting DN hints for server certificate request
      * (Intended for use where the client cert expected has been signed by
@@ -3311,6 +3321,17 @@
     mbedtls_printf(" ok\n");
 
 reset:
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    if (tls13_connection_counter < max_early_data_size_count) {
+        long long max_early_data_size = max_early_data_size_list[tls13_connection_counter];
+        mbedtls_ssl_conf_early_data(
+            &conf, max_early_data_size < 0 ? MBEDTLS_SSL_EARLY_DATA_DISABLED :
+            MBEDTLS_SSL_EARLY_DATA_ENABLED);
+        mbedtls_ssl_conf_max_early_data_size(&conf, (uint32_t) llabs(max_early_data_size));
+    }
+    tls13_connection_counter++;
+#endif /* MBEDTLS_SSL_EARLY_DATA */
 #if !defined(_WIN32)
     if (received_sigterm) {
         mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n");