ssl_server2: Split early data enablement from max_early_data_size setting

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

programs/ssl/ssl_server2.c

@@ -122,7 +122,8 @@ int main(void)
 #define DFL_SNI                 NULL
 #define DFL_ALPN_STRING         NULL
 #define DFL_GROUPS              NULL
-#define DFL_MAX_EARLY_DATA_SIZE 0
+#define DFL_EARLY_DATA          -1
+#define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1)
 #define DFL_SIG_ALGS            NULL
 #define DFL_DHM_FILE            NULL
 #define DFL_TRANSPORT           MBEDTLS_SSL_TRANSPORT_STREAM
@@ -429,9 +430,10 @@ int main(void)
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 #define USAGE_EARLY_DATA \
-    "    max_early_data_size=%%d default: -1 (disabled)\n"             \
+    "    early_data=%%d      default: library default\n" \
-    "                            options: -1 (disabled), "           \
+    "                        options: 0 (disabled), 1 (enabled)\n" \
-    "                                     >= 0 (enabled, max amount of early data )\n"
+    "    max_early_data_size=%%d default: library default\n" \
+    "                            options: max amount of early data\n"
 #else
 #define USAGE_EARLY_DATA ""
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -694,7 +696,10 @@ struct options {
     const char *cid_val_renego; /* the CID to use for incoming messages
                                  * after renegotiation                      */
     int reproducible;           /* make communication reproducible          */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    int early_data;               /* early data enablement flag             */
     uint32_t max_early_data_size; /* max amount of early data               */
+#endif
     int query_config_mode;      /* whether to read config                   */
     int use_srtp;               /* Support SRTP                             */
     int force_srtp_profile;     /* SRTP protection profile to use or all    */
@@ -1609,10 +1614,6 @@ int main(int argc, char *argv[])
     };
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-    int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED;
-#endif
-
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
     mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
 #if defined(MBEDTLS_MEMORY_DEBUG)
@@ -1747,7 +1748,10 @@ int main(int argc, char *argv[])
     opt.sni                 = DFL_SNI;
     opt.alpn_string         = DFL_ALPN_STRING;
     opt.groups              = DFL_GROUPS;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    opt.early_data          = DFL_EARLY_DATA;
     opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
+#endif
     opt.sig_algs            = DFL_SIG_ALGS;
     opt.dhm_file            = DFL_DHM_FILE;
     opt.transport           = DFL_TRANSPORT;
@@ -1980,14 +1984,18 @@ usage:
         }
 #endif
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-        else if (strcmp(p, "max_early_data_size") == 0) {
+        else if (strcmp(p, "early_data") == 0) {
-            long long value = atoll(q);
+            switch (atoi(q)) {
-            tls13_early_data_enabled =
+                case 0:
-                value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED :
+                    opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
-                MBEDTLS_SSL_EARLY_DATA_DISABLED;
+                    break;
-            if (tls13_early_data_enabled) {
+                case 1:
-                opt.max_early_data_size = atoi(q);
+                    opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+                    break;
+                default: goto usage;
             }
+        } else if (strcmp(p, "max_early_data_size") == 0) {
+            opt.max_early_data_size = (uint32_t) atoll(q);
         }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
         else if (strcmp(p, "renegotiation") == 0) {
@@ -2805,8 +2813,10 @@ usage:
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled);
+    if (opt.early_data != DFL_EARLY_DATA) {
-    if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
+        mbedtls_ssl_conf_early_data(&conf, opt.early_data);
+    }
+    if (opt.max_early_data_size != DFL_MAX_EARLY_DATA_SIZE) {
         mbedtls_ssl_conf_max_early_data_size(
             &conf, opt.max_early_data_size);
     }

tests/opt-testcases/tls13-misc.sh

@@ -523,7 +523,7 @@ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
-         "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+         "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
          "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
                       -d 10 -r --earlydata $EARLY_DATA_INPUT " \
          0 \
@@ -542,7 +542,7 @@ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
-         "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1024" \
+         "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
          "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
          0 \
          -s "key exchange mode: ephemeral" \