fix various issues
- Improve comments - Align count variable name to `new_session_tickets_count` - move tickets_count init to handshake init Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
7a51305478
commit
d0766eca58
@ -1337,7 +1337,7 @@ struct mbedtls_ssl_config
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
uint16_t MBEDTLS_PRIVATE(new_session_tickets); /*!< number of NewSessionTicket */
|
||||
uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
@ -4137,10 +4137,10 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
|
||||
defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/**
|
||||
* \brief Number of NewSessionTicket message that sent by server.
|
||||
* \brief Number of NewSessionTicket messages for the server to send
|
||||
* after handshake completion.
|
||||
* (Default: MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
|
||||
*
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param num_tickets Number of NewSessionTicket.
|
||||
*
|
||||
|
||||
@ -625,7 +625,7 @@ struct mbedtls_ssl_handshake_params
|
||||
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
int tls13_session_tickets; /*!< number of session tickets */
|
||||
int new_session_tickets_count; /*!< number of session tickets */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
|
||||
@ -674,6 +674,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
mbedtls_pk_init( &handshake->peer_pubkey );
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
|
||||
@ -763,6 +764,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||
mbedtls_ssl_transform_init( ssl->transform_negotiate );
|
||||
ssl_handshake_params_init( ssl->handshake );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
ssl->handshake->new_session_tickets_count =
|
||||
ssl->conf->new_session_tickets_count ;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
@ -2612,11 +2620,11 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
|
||||
uint16_t num_tickets )
|
||||
{
|
||||
conf->new_session_tickets = num_tickets;
|
||||
conf->new_session_tickets_count = num_tickets;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -4653,7 +4661,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
mbedtls_ssl_conf_new_session_tickets(
|
||||
conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
|
||||
#endif
|
||||
|
||||
@ -2617,10 +2617,23 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
/* Check whether the use of session tickets is enabled */
|
||||
if( ssl->conf->f_ticket_write == NULL ||
|
||||
ssl->handshake->tls13_session_tickets == 0 )
|
||||
if( ssl->conf->f_ticket_write == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
|
||||
" callback is not set" ) );
|
||||
return( SSL_NEW_SESSION_TICKET_SKIP );
|
||||
}
|
||||
if( ssl->conf->new_session_tickets_count == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
|
||||
" configured count is zero" ) );
|
||||
return( SSL_NEW_SESSION_TICKET_SKIP );
|
||||
}
|
||||
|
||||
if( ssl->handshake->new_session_tickets_count == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
|
||||
"been sent." ) );
|
||||
return( SSL_NEW_SESSION_TICKET_SKIP );
|
||||
}
|
||||
|
||||
@ -2642,9 +2655,9 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
|
||||
|
||||
if( ssl->handshake->resume == 1 )
|
||||
ssl->handshake->tls13_session_tickets = 0;
|
||||
ssl->handshake->new_session_tickets_count = 0;
|
||||
else
|
||||
ssl->handshake->tls13_session_tickets--;
|
||||
ssl->handshake->new_session_tickets_count--;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
session->start = mbedtls_time( NULL );
|
||||
#endif
|
||||
@ -2890,12 +2903,6 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
/* start state */
|
||||
case MBEDTLS_SSL_HELLO_REQUEST:
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
ssl->handshake->tls13_session_tickets =
|
||||
ssl->conf->new_session_tickets ?
|
||||
ssl->conf->new_session_tickets :
|
||||
MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS;
|
||||
#endif
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
@ -3014,7 +3021,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
*/
|
||||
ret = 0;
|
||||
|
||||
if( ssl->handshake->tls13_session_tickets == 0 )
|
||||
if( ssl->handshake->new_session_tickets_count == 0 )
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
|
||||
else
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );
|
||||
|
||||
Loading…
Reference in New Issue
Block a user