
Merge pull request #4581 from miyazakh/max_earlydata

add get_max_early_data
Chris Conlon 2 years ago
parent
commit
c3500fa24e
4 changed files with 111 additions and 3 deletions
  1. 49 1
      src/tls13.c
  2. 52 2
      tests/api.c
  3. 8 0
      wolfssl/openssl/ssl.h
  4. 2 0
      wolfssl/ssl.h

+ 49 - 1
src/tls13.c

@@ -9616,7 +9616,12 @@ int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx, unsigned int sz)
 
     ctx->maxEarlyDataSz = sz;
 
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    /* 1 on success in OpenSSL*/
+    return WOLFSSL_SUCCESS;
+#else
     return 0;
+#endif
 }
 
 /* Sets the maximum amount of early data that can be seen by server when using
@@ -9637,8 +9642,51 @@ int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz)
         return SIDE_ERROR;
 
     ssl->options.maxEarlyDataSz = sz;
-
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    /* 1 on success in OpenSSL*/
+    return WOLFSSL_SUCCESS;
+#else
     return 0;
+#endif
+}
+
+/* Gets the maximum amount of early data that can be seen by server when using
+ * session tickets for resumption.
+ * A value of zero indicates no early data is to be sent by client using session
+ * tickets.
+ *
+ * ctx  The SSL/TLS CTX object.
+ * returns BAD_FUNC_ARG when ctx is NULL, SIDE_ERROR when not a server and
+ * returns the maximum amount of early data to be set
+ */
+int wolfSSL_CTX_get_max_early_data(WOLFSSL_CTX* ctx)
+{
+    if (ctx == NULL || !IsAtLeastTLSv1_3(ctx->method->version))
+        return BAD_FUNC_ARG;
+    if (ctx->method->side == WOLFSSL_CLIENT_END)
+        return SIDE_ERROR;
+
+    return ctx->maxEarlyDataSz;
+}
+
+/* Gets the maximum amount of early data that can be seen by server when using
+ * session tickets for resumption.
+ * A value of zero indicates no early data is to be sent by client using session
+ * tickets.
+ *
+ * ssl  The SSL/TLS object.
+ * returns BAD_FUNC_ARG when ssl is NULL, or not using TLS v1.3,
+ * SIDE_ERROR when not a server and 
+ * returns the maximum amount of early data to be set
+ */
+int wolfSSL_get_max_early_data(WOLFSSL* ssl)
+{
+    if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
+        return BAD_FUNC_ARG;
+    if (ssl->options.side == WOLFSSL_CLIENT_END)
+        return SIDE_ERROR;
+
+    return ssl->options.maxEarlyDataSz;
 }
 
 /* Write early data to the server.
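Review bot: Both new getters return the configured limit and the negative error codes through the same `int`, while the setters in this file take an `unsigned int sz`. A limit above INT_MAX would presumably read back as a negative number that a caller cannot tell apart from BAD_FUNC_ARG or SIDE_ERROR (the field's declared type is not visible on this page). Because this value bounds how much early data the server will see, a misread limit is worth ruling out; one option is to reject oversized values in both setters before the assignment, e.g. `if (sz > (unsigned int)INT_MAX) return BAD_FUNC_ARG;`. The header comment on wolfSSL_CTX_get_max_early_data also lists BAD_FUNC_ARG only for a NULL ctx, although the code returns it for a pre-TLS 1.3 method too, and "to be set" would read better as "currently set". wolfSSL_set_max_early_data starts above this hunk.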

+ 52 - 2
tests/api.c

@@ -46971,28 +46971,78 @@ static int test_tls13_apis(void)
 #endif /* HAVE_ECC */
 
 #ifdef WOLFSSL_EARLY_DATA
+#ifndef OPENSSL_EXTRA
     AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+#else
+    AssertIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
+    AssertIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+#endif
 #ifndef NO_WOLFSSL_CLIENT
+#ifndef OPENSSL_EXTRA
     AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
+    AssertIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+#else
+    AssertIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
+    AssertIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+#endif
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
+#ifndef OPENSSL_EXTRA
     AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
                 BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+#else
+    AssertIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
+                BAD_FUNC_ARG);
+    AssertIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+#endif
+#endif
+#ifndef OPENSSL_EXTRA
+    AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
+    AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
+#else
+    AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
+    AssertIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
 #endif
-    AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0);
 #endif
 
+#ifndef OPENSSL_EXTRA
     AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+#else
+    AssertIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
+    AssertIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+#endif
 #ifndef NO_WOLFSSL_CLIENT
+#ifndef OPENSSL_EXTRA
     AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
+    AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), SIDE_ERROR);
+#else
+    AssertIntEQ(SSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
+    AssertIntEQ(SSL_get_max_early_data(clientSsl), SIDE_ERROR);
+#endif
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
+#ifndef OPENSSL_EXTRA
     AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+#else
+    AssertIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
+    AssertIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
 #endif
-    AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0);
 #endif
+#ifndef OPENSSL_EXTRA
+    AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
+    AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
+#else
+    AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
+    AssertIntEQ(SSL_get_max_early_data(serverSsl), 16);
+#endif
+#endif
+
 
     AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
                                          &outSz), BAD_FUNC_ARG);
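Review bot: The expected success value is selected with `#ifndef OPENSSL_EXTRA` alone, but the setters in src/tls13.c in this commit return WOLFSSL_SUCCESS when either OPENSSL_EXTRA or WOLFSSL_ERROR_CODE_OPENSSL is defined. A build with only WOLFSSL_ERROR_CODE_OPENSSL would therefore fail `AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0)` and `AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0)`. The expected value should be chosen by the same two-macro condition as the library, kept separate from the OPENSSL_EXTRA guard that picks between the wolfSSL_* and SSL_* names. The round trips also cover only 32 and 16; a set/get case for 0, which the function comments describe as "no early data", would pin the value a server uses to turn the feature off. test_tls13_apis begins and ends outside this hunk.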

+ 8 - 0
wolfssl/openssl/ssl.h

@@ -1540,7 +1540,15 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_do_handshake                wolfSSL_SSL_do_handshake
 
 #if defined(WOLFSSL_EARLY_DATA)
+#define SSL_EARLY_DATA_NOT_SENT         WOLFSSL_EARLY_DATA_NOT_SENT
+#define SSL_EARLY_DATA_REJECTED         WOLFSSL_EARLY_DATA_REJECTED
+#define SSL_EARLY_DATA_ACCEPTED         WOLFSSL_EARLY_DATA_ACCEPTED
+
 #define SSL_get_early_data_status       wolfSSL_get_early_data_status
+#define SSL_set_max_early_data          wolfSSL_set_max_early_data
+#define SSL_get_max_early_data          wolfSSL_get_max_early_data
+#define SSL_CTX_set_max_early_data      wolfSSL_CTX_set_max_early_data
+#define SSL_CTX_get_max_early_data      wolfSSL_CTX_get_max_early_data
 #endif
 
 #endif  /* OPENSSL_EXTRA */
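Review bot: The four max_early_data macros alias the wolfSSL functions directly, so code written against OpenSSL gets wolfSSL's negative error codes instead of OpenSSL's conventions; tests/api.c in this commit asserts that `SSL_CTX_set_max_early_data(NULL, 0)` returns BAD_FUNC_ARG. A ported caller that checks `if (!SSL_set_max_early_data(ssl, n))` would treat that failure as success. One that stores `SSL_get_max_early_data()` in an unsigned variable (OpenSSL declares it as returning `uint32_t`) would read an error as a very large limit. If thin wrappers that map errors to 0 are out of scope, a comment above the block would at least flag the difference, e.g. `/* NOTE: unlike OpenSSL, these return negative wolfSSL error codes on failure */`. The enclosing OPENSSL_EXTRA region starts outside this hunk.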

+ 2 - 0
wolfssl/ssl.h

@@ -1076,6 +1076,8 @@ WOLFSSL_API int  wolfSSL_accept_TLSv13(WOLFSSL*);
 WOLFSSL_API int  wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
                                                 unsigned int sz);
 WOLFSSL_API int  wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
+WOLFSSL_API int  wolfSSL_CTX_get_max_early_data(WOLFSSL_CTX* ctx);
+WOLFSSL_API int  wolfSSL_get_max_early_data(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
                                           int sz, int* outSz);
 WOLFSSL_API int  wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,