Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
Harmonise the names and return values of check functions in TLS code
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 270db41..d585ca5 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -609,7 +609,7 @@
int ssl_write_supported_groups_ext_flags = 0;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
- if (propose_tls13 && mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+ if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
ssl_write_supported_groups_ext_flags |=
SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG;
}
@@ -637,7 +637,7 @@
int write_sig_alg_ext = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
write_sig_alg_ext = write_sig_alg_ext ||
- (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl));
+ (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl));
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
write_sig_alg_ext = write_sig_alg_ext || propose_tls12;
@@ -668,7 +668,7 @@
/* The "pre_shared_key" extension (RFC 8446 Section 4.2.11)
* MUST be the last extension in the ClientHello.
*/
- if (propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
+ if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) {
ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
ssl, p, end, &output_len, binders_len);
if (ret != 0) {
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a8afd42..a0724e0 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1914,89 +1914,89 @@
/*
* Helper functions around key exchange modes.
*/
-static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes(mbedtls_ssl_context *ssl,
- int kex_mode_mask)
+static inline int mbedtls_ssl_conf_tls13_is_kex_mode_enabled(mbedtls_ssl_context *ssl,
+ int kex_mode_mask)
{
return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0;
}
-static inline int mbedtls_ssl_conf_tls13_psk_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_conf_tls13_is_psk_enabled(mbedtls_ssl_context *ssl)
{
- return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
+ return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
}
-static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
+ return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
}
-static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_conf_tls13_is_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
+ return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
}
-static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
{
- return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
+ return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
}
-static inline int mbedtls_ssl_conf_tls13_some_psk_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context *ssl)
{
- return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
+ return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
}
#if defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/**
* Given a list of key exchange modes, check if at least one of them is
- * supported.
+ * supported by peer.
*
* \param[in] ssl SSL context
* \param kex_modes_mask Mask of the key exchange modes to check
*
- * \return 0 if at least one of the key exchange modes is supported,
- * !=0 otherwise.
+ * \return Non-zero if at least one of the key exchange modes is supported by
+ * the peer, otherwise \c 0.
*/
-static inline unsigned mbedtls_ssl_tls13_check_kex_modes(mbedtls_ssl_context *ssl,
- int kex_modes_mask)
+static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl,
+ int kex_modes_mask)
{
- return (ssl->handshake->tls13_kex_modes & kex_modes_mask) == 0;
+ return (ssl->handshake->tls13_kex_modes & kex_modes_mask) != 0;
}
-static inline int mbedtls_ssl_tls13_psk_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_tls13_is_psk_supported(mbedtls_ssl_context *ssl)
{
- return !mbedtls_ssl_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
+ return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
}
-static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled(
+static inline int mbedtls_ssl_tls13_is_psk_ephemeral_supported(
mbedtls_ssl_context *ssl)
{
- return !mbedtls_ssl_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
+ return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
}
-static inline int mbedtls_ssl_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_tls13_is_ephemeral_supported(mbedtls_ssl_context *ssl)
{
- return !mbedtls_ssl_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
+ return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
}
-static inline int mbedtls_ssl_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_tls13_is_some_ephemeral_supported(mbedtls_ssl_context *ssl)
{
- return !mbedtls_ssl_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
+ return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
}
-static inline int mbedtls_ssl_tls13_some_psk_enabled(mbedtls_ssl_context *ssl)
+static inline int mbedtls_ssl_tls13_is_some_psk_supported(mbedtls_ssl_context *ssl)
{
- return !mbedtls_ssl_tls13_check_kex_modes(ssl,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
+ return mbedtls_ssl_tls13_is_kex_mode_supported(ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
}
#endif /* MBEDTLS_SSL_SRV_C &&
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@@ -2782,47 +2782,53 @@
#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800)
-static inline unsigned int mbedtls_ssl_session_get_ticket_flags(
+static inline unsigned int mbedtls_ssl_tls13_session_get_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
return session->ticket_flags &
(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
}
-static inline unsigned int mbedtls_ssl_session_check_ticket_flags(
+/**
+ * Check if at least one of the given flags is set in
+ * the session ticket. See the definition of
+ * `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` to get all
+ * permitted flags.
+ */
+static inline int mbedtls_ssl_tls13_session_ticket_has_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
- return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0;
+ return mbedtls_ssl_tls13_session_get_ticket_flags(session, flags) != 0;
}
-static inline unsigned int mbedtls_ssl_session_ticket_allow_psk(
+static inline int mbedtls_ssl_tls13_session_ticket_allow_psk(
mbedtls_ssl_session *session)
{
- return !mbedtls_ssl_session_check_ticket_flags(session,
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION);
+ return mbedtls_ssl_tls13_session_ticket_has_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION);
}
-static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral(
+static inline int mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(
mbedtls_ssl_session *session)
{
- return !mbedtls_ssl_session_check_ticket_flags(session,
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION);
+ return mbedtls_ssl_tls13_session_ticket_has_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION);
}
-static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data(
+static inline unsigned int mbedtls_ssl_tls13_session_ticket_allow_early_data(
mbedtls_ssl_session *session)
{
- return !mbedtls_ssl_session_check_ticket_flags(session,
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
+ return mbedtls_ssl_tls13_session_ticket_has_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
}
-static inline void mbedtls_ssl_session_set_ticket_flags(
+static inline void mbedtls_ssl_tls13_session_set_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
}
-static inline void mbedtls_ssl_session_clear_ticket_flags(
+static inline void mbedtls_ssl_tls13_session_clear_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f92e40a..444df76 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1342,7 +1342,7 @@
* bad config.
*
*/
- if (mbedtls_ssl_conf_tls13_ephemeral_enabled(
+ if (mbedtls_ssl_conf_tls13_is_ephemeral_enabled(
(mbedtls_ssl_context *) ssl) &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 342ec52..dac6bfc 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -621,7 +621,7 @@
/* Skip writing extension if no PSK key exchange mode
* is enabled in the config.
*/
- if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
+ if (!mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) {
MBEDTLS_SSL_DEBUG_MSG(3, ("skip psk_key_exchange_modes extension"));
return 0;
}
@@ -640,14 +640,14 @@
*/
p += 5;
- if (mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl)) {
+ if (mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl)) {
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
ke_modes_len++;
MBEDTLS_SSL_DEBUG_MSG(4, ("Adding PSK-ECDHE key exchange mode"));
}
- if (mbedtls_ssl_conf_tls13_psk_enabled(ssl)) {
+ if (mbedtls_ssl_conf_tls13_is_psk_enabled(ssl)) {
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
ke_modes_len++;
@@ -684,8 +684,8 @@
mbedtls_ssl_session *session = ssl->session_negotiate;
return ssl->handshake->resume &&
session != NULL && session->ticket != NULL &&
- mbedtls_ssl_conf_tls13_check_kex_modes(
- ssl, mbedtls_ssl_session_get_ticket_flags(
+ mbedtls_ssl_conf_tls13_is_kex_mode_enabled(
+ ssl, mbedtls_ssl_tls13_session_get_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL));
}
@@ -695,7 +695,7 @@
mbedtls_ssl_session *session = ssl->session_negotiate;
return ssl->handshake->resume &&
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
- mbedtls_ssl_session_ticket_allow_early_data(session) &&
+ mbedtls_ssl_tls13_session_ticket_allow_early_data(session) &&
mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite);
}
#endif
@@ -1161,7 +1161,7 @@
p += ext_len;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
- if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+ if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len);
if (ret != 0) {
return ret;
@@ -1171,7 +1171,7 @@
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
+ if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
ssl_tls13_early_data_has_valid_ticket(ssl) &&
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
@@ -1457,7 +1457,7 @@
ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
buf, (size_t) (end - buf)));
- if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+ if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
ret = ssl_tls13_reset_key_share(ssl);
if (ret != 0) {
return ret;
@@ -1499,7 +1499,7 @@
* in the ClientHello.
* In a PSK only key exchange that what we expect.
*/
- if (!mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+ if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
MBEDTLS_SSL_DEBUG_MSG(1,
("Unexpected HRR in pure PSK key exchange."));
MBEDTLS_SSL_PEND_FATAL_ALERT(
@@ -1776,7 +1776,7 @@
case MBEDTLS_TLS_EXT_KEY_SHARE:
MBEDTLS_SSL_DEBUG_MSG(3, ("found key_shares extension"));
- if (!mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+ if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) {
fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
goto cleanup;
}
@@ -1879,7 +1879,7 @@
goto cleanup;
}
- if (!mbedtls_ssl_conf_tls13_check_kex_modes(
+ if (!mbedtls_ssl_conf_tls13_is_kex_mode_enabled(
ssl, handshake->key_exchange_mode)) {
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
MBEDTLS_SSL_DEBUG_MSG(
@@ -2695,7 +2695,7 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4);
session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0);
- mbedtls_ssl_session_set_ticket_flags(
+ mbedtls_ssl_tls13_session_set_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
MBEDTLS_SSL_DEBUG_MSG(
3, ("received max_early_data_size: %u",
@@ -2846,7 +2846,7 @@
session->ticket_len = ticket_len;
/* Clear all flags in ticket_flags */
- mbedtls_ssl_session_clear_ticket_flags(
+ mbedtls_ssl_tls13_session_clear_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
@@ -2933,7 +2933,7 @@
session->resumption_key_len);
/* Set ticket_flags depends on the selected key exchange modes */
- mbedtls_ssl_session_set_ticket_flags(
+ mbedtls_ssl_tls13_session_set_ticket_flags(
session, ssl->conf->tls13_kex_modes);
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 631101e..5aa3870 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -95,9 +95,9 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
+static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
+static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket(
@@ -175,12 +175,12 @@
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
key_exchanges = 0;
- if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) &&
- ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
+ if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) &&
+ ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
- if (mbedtls_ssl_session_ticket_allow_psk(session) &&
- ssl_tls13_check_psk_key_exchange(ssl)) {
+ if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) &&
+ ssl_tls13_key_exchange_is_psk_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
@@ -1003,12 +1003,12 @@
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl,
- unsigned int kex_mode)
+static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl,
+ unsigned int kex_mode)
{
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl->handshake->resume) {
- if (mbedtls_ssl_session_check_ticket_flags(
+ if (!mbedtls_ssl_tls13_session_ticket_has_flags(
ssl->session_negotiate, kex_mode)) {
return 0;
}
@@ -1022,10 +1022,10 @@
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
+static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
- return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) &&
+ return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) &&
ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl);
#else
((void) ssl);
@@ -1034,13 +1034,13 @@
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
+static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
- return ssl_tls13_ticket_permission_check(
+ return ssl_tls13_ticket_is_kex_mode_permitted(
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
- mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
- mbedtls_ssl_tls13_psk_enabled(ssl) &&
+ mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
+ mbedtls_ssl_tls13_is_psk_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
#else
((void) ssl);
@@ -1049,13 +1049,13 @@
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
+static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
- return ssl_tls13_ticket_permission_check(
+ return ssl_tls13_ticket_is_kex_mode_permitted(
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
- mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
- mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
+ mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
+ mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
#else
((void) ssl);
@@ -1083,17 +1083,17 @@
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
- if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
+ if (ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
} else
- if (ssl_tls13_check_ephemeral_key_exchange(ssl)) {
+ if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
} else
- if (ssl_tls13_check_psk_key_exchange(ssl)) {
+ if (ssl_tls13_key_exchange_is_psk_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
@@ -1734,8 +1734,8 @@
* - The content up to but excluding the PSK extension, if present.
*/
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
- if (ssl_tls13_check_psk_key_exchange(ssl) ||
- ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
+ if (ssl_tls13_key_exchange_is_psk_available(ssl) ||
+ ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
@@ -1842,7 +1842,7 @@
}
- if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) {
+ if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) {
MBEDTLS_SSL_DEBUG_MSG(
1,
("EarlyData: rejected, early_data not allowed in ticket "
@@ -3079,7 +3079,7 @@
* expected to be resolved with issue#6395.
*/
/* Sent NewSessionTicket message only when client supports PSK */
- if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
+ if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) {
mbedtls_ssl_handshake_set_state(
ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
} else
@@ -3138,17 +3138,17 @@
#endif
/* Set ticket_flags depends on the advertised psk key exchange mode */
- mbedtls_ssl_session_clear_ticket_flags(
+ mbedtls_ssl_tls13_session_clear_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
- mbedtls_ssl_session_set_ticket_flags(
+ mbedtls_ssl_tls13_session_set_ticket_flags(
session, ssl->handshake->tls13_kex_modes);
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA)
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
ssl->conf->max_early_data_size > 0) {
- mbedtls_ssl_session_set_ticket_flags(
+ mbedtls_ssl_tls13_session_set_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -3328,7 +3328,7 @@
p += 2;
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (mbedtls_ssl_session_ticket_allow_early_data(session)) {
+ if (mbedtls_ssl_tls13_session_ticket_allow_early_data(session)) {
size_t output_len;
if ((ret = mbedtls_ssl_tls13_write_early_data_ext(