diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index f1bb52770..170cbebbe 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -112,10 +112,6 @@
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
- !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
 #undef MBEDTLS_SSL_EARLY_DATA
 #endif
 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 4c4bde49b..f932901ec 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -842,8 +842,13 @@
 "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
 #endif
 
-/* Early data requires MBEDTLS_SSL_SESSION_TICKETS defined */
-#if defined(MBEDTLS_SSL_EARLY_DATA) && !defined(MBEDTLS_SSL_SESSION_TICKETS)
+/* Early data requires MBEDTLS_SSL_SESSION_TICKETS and SOME_PSK related
+ * mode defined
+ */
+#if defined(MBEDTLS_SSL_EARLY_DATA) && \
+ ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
+ ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
+ !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
 #error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
 #endif
 
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 3c4697175..12d503e38 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
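Review bot: In the check_config.h hunk, the one `#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"` now guards two independent prerequisites (session tickets, and at least one of the two PSK key exchange modes), so a build that stops here gives no hint which option is missing. Because the build_info.h hunk in this same commit no longer undefines MBEDTLS_SSL_EARLY_DATA silently when no PSK mode is enabled, configurations that used to build will start hitting this message; naming the requirements would help, e.g. `#error "MBEDTLS_SSL_EARLY_DATA requires MBEDTLS_SSL_SESSION_TICKETS and a TLS 1.3 PSK or PSK-ephemeral key exchange mode"`. The added comment's "SOME_PSK related mode" could likewise spell out the two macros, as the mbedtls_config.h text in this commit does.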
@@ -1637,12 +1637,12 @@
 *
 * Enable support for RFC 8446 TLS 1.3 early data.
 *
-* Requires: MBEDTLS_SSL_SESSION_TICKETS
+* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
+* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
+* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 *
 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
-* is not enabled or both MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED and
-* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED are disabled,
-* this option does not have any effect on the build.
+* is not enabled, this option does not have any effect on the build.
 *
 * This feature is experimental, not completed and thus not ready for
 * production.
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
index a4dcb92ba..7483f1cd9 100644
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -24,7 +24,6 @@
 
 /* Enable TLS 1.3 and core 1.3 features */
 #define MBEDTLS_SSL_PROTO_TLS1_3
-#define MBEDTLS_SSL_EARLY_DATA
 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 
 /* Disable TLS 1.2 and 1.2-specific features */