Expose max TLS1.3 early data accessors

openssl-sys/src/openssl/v111.rs

@@ -82,4 +82,11 @@ extern "C" {
             cookie_len: size_t
         ) -> c_int>
     );
+
+    pub fn SSL_CTX_set_max_early_data(ctx: *mut ::SSL_CTX, max_early_data: u32) -> c_int;
+    pub fn SSL_CTX_get_max_early_data(ctx: *const ::SSL_CTX) -> u32;
+    pub fn SSL_set_max_early_data(ctx: *mut ::SSL, max_early_data: u32) -> c_int;
+    pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32;
+    pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int;
+    pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32;
 }

openssl/src/ssl/mod.rs

@@ -1489,6 +1489,24 @@ impl SslContextBuilder {
         }
     }
 
+    /// Sets the maximum amount of early data that will be accepted on incoming connections.
+    ///
+    /// Defaults to 0.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
+    /// This corresponds to [`SSL_CTX_set_max_early_data`].
+    ///
+    /// [`SSL_CTX_set_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_max_early_data.html
+    #[cfg(ossl111)]
+    pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> {
+        if unsafe { ffi::SSL_CTX_set_max_early_data(self.as_ptr(), bytes) } == 1 {
+            Ok(())
+        } else {
+            Err(ErrorStack::get())
+        }
+    }
+
     /// Consumes the builder, returning a new `SslContext`.
     pub fn build(self) -> SslContext {
         self.0
@@ -1643,6 +1661,18 @@ impl SslContextRef {
             }
         }
     }
+
+    /// Gets the maximum amount of early data that will be accepted on incoming connections.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
+    /// This corresponds to [`SSL_CTX_get_max_early_data`].
+    ///
+    /// [`SSL_CTX_get_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_early_data.html
+    #[cfg(ossl111)]
+    pub fn max_early_data(&self) -> u32 {
+        unsafe { ffi::SSL_CTX_get_max_early_data(self.as_ptr()) }
+    }
 }
 
 /// Information about the state of a cipher.
@@ -1873,6 +1903,18 @@ impl SslSessionRef {
         unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) }
     }
 
+    /// Gets the maximum amount of early data that can be sent on this session.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
+    /// This corresponds to [`SSL_SESSION_get_max_early_data`].
+    ///
+    /// [`SSL_SESSION_get_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_max_early_data.html
+    #[cfg(ossl111)]
+    pub fn max_early_data(&self) -> u32 {
+        unsafe { ffi::SSL_SESSION_get_max_early_data(self.as_ptr()) }
+    }
+
     to_der! {
         /// Serializes the session into a DER-encoded structure.
         ///
@@ -2594,6 +2636,34 @@ impl SslRef {
             }
         }
     }
+
+    /// Sets the maximum amount of early data that will be accepted on this connection.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
+    /// This corresponds to [`SSL_set_max_early_data`].
+    ///
+    /// [`SSL_set_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_set_max_early_data.html
+    #[cfg(ossl111)]
+    pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack> {
+        if unsafe { ffi::SSL_set_max_early_data(self.as_ptr(), bytes) } == 1 {
+            Ok(())
+        } else {
+            Err(ErrorStack::get())
+        }
+    }
+
+    /// Gets the maximum amount of early data that can be sent on this connection.
+    ///
+    /// Requires OpenSSL 1.1.1 or newer.
+    ///
+    /// This corresponds to [`SSL_get_max_early_data`].
+    ///
+    /// [`SSL_get_max_early_data`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_max_early_data.html
+    #[cfg(ossl111)]
+    pub fn max_early_data(&self) -> u32 {
+        unsafe { ffi::SSL_get_max_early_data(self.as_ptr()) }
+    }
 }
 
 /// An SSL stream midway through the handshake process.