TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a1aa31b8b1f1f2aae2d90fd6747beb2b3877051d^! / .
commita1aa31b8b1f1f2aae2d90fd6747beb2b3877051d[log] [tgz]
authorPengyu Lv <pengyu.lv@arm.com>Tue Dec 13 13:49:59 2022 +0800
committerPengyu Lv <pengyu.lv@arm.com>Fri Jan 13 11:05:58 2023 +0800
treece46f6ee2173eac8876feb15f020550edd4cdcef
parent06cf66d2ab9a7347b1805432764f029cc59dda92 [diff]
fix review comments

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>

diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 3ca8840..7f813a3 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h

@@ -82,7 +82,9 @@
 #define MBEDTLS_SSL_DEBUG_ECP(level, text, X)         do { } while (0)
 #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt)       do { } while (0)
 #define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr)     do { } while (0)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
 #define MBEDTLS_SSL_DEBUG_TICKET_FLAGS(level, flag)   do { } while (0)
+#endif
 
 #endif /* MBEDTLS_DEBUG_C */
 

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 9b34e4f..db2e758 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -96,7 +96,7 @@
 /* Error space gap */
 /** Processing of the Certificate handshake message failed. */
 #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE                   -0x7A00
-/** The kex mode allowed by ticket is not supported by client */
+/** No suitable key exchange mode for ticket */
 #define MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE           -0x7A80
 /**
  * Received NewSessionTicket Post Handshake Message.

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 25844d3..57b1d6d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -2738,6 +2738,6 @@
 {
     session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
 }
-#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 
 #endif /* ssl_misc.h */

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 49b4c2d..d5dbf82 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -2567,6 +2567,10 @@
     mbedtls_ssl_tls13_handshake_wrapup(ssl);
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
+/* TODO: Remove the check of SOME_PSK_ENABLED since SESSION_TICKETS requires
+ *       SOME_PSK_ENABLED to be enabled. Here is just to make CI happy. It is
+ *       expected to be resolved with issue#6395.
+ */
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
     /* Sent NewSessionTicket message only when client supports PSK */
     if (!mbedtls_ssl_tls13_some_psk_enabled(ssl)) {