fix various issues
- Improve comments
- Align count variable name to `new_session_tickets_count`
- Move the `new_session_tickets_count` initialization to handshake init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2621d20..7e060d3 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -625,7 +625,7 @@
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- int tls13_session_tickets; /*!< number of session tickets */
+ int new_session_tickets_count; /*!< number of session tickets */
#endif
#endif /* MBEDTLS_SSL_SRV_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 065b354..de6bae2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -674,6 +674,7 @@
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_pk_init( &handshake->peer_pubkey );
#endif
+
}
void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
@@ -763,6 +764,13 @@
mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS)
+ ssl->handshake->new_session_tickets_count =
+ ssl->conf->new_session_tickets_count ;
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
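Review bot: The assignment `ssl->handshake->new_session_tickets_count = ssl->conf->new_session_tickets_count` copies the configured value verbatim, so a configured 0 now means "issue no tickets", and no comment says so. The state-machine code removed in the `@@ -2890` hunk of ssl_tls13_server.c substituted `MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS` for zero instead. The new default is the more conservative one, but it is a behaviour change for any configuration that never passes through the call in the `@@ -4653` hunk, so document it at this assignment, e.g. `/* Per-handshake budget of NewSessionTicket messages; a configured 0 disables tickets. */`. The enclosing function starts and ends outside the hunk.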
@@ -2612,11 +2620,11 @@
#if defined(MBEDTLS_SSL_SRV_C)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
uint16_t num_tickets )
{
- conf->new_session_tickets = num_tickets;
+ conf->new_session_tickets_count = num_tickets;
}
#endif
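Review bot: The definition of `mbedtls_ssl_conf_new_session_tickets()` is now compiled only when `MBEDTLS_SSL_SESSION_TICKETS` is defined, but this diff does not show its public declaration or the renamed `new_session_tickets_count` member of `mbedtls_ssl_config`. Confirm that both carry the same `MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS` guard and the new name. Otherwise a build with tickets disabled would declare a function that is never defined, or this file would fail to compile against the old member name. The caller in the `@@ -4653` hunk already uses the matching guard. The setter also has no comment stating that `num_tickets == 0` disables ticket issuance; add `/* num_tickets == 0 disables NewSessionTicket for this configuration. */` above it.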
@@ -4653,7 +4661,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_conf_new_session_tickets(
conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
#endif
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 7807408..40ac476 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2617,10 +2617,23 @@
static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
{
/* Check whether the use of session tickets is enabled */
- if( ssl->conf->f_ticket_write == NULL ||
- ssl->handshake->tls13_session_tickets == 0 )
+ if( ssl->conf->f_ticket_write == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+ " callback is not set" ) );
+ return( SSL_NEW_SESSION_TICKET_SKIP );
+ }
+ if( ssl->conf->new_session_tickets_count == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+ " configured count is zero" ) );
+ return( SSL_NEW_SESSION_TICKET_SKIP );
+ }
+
+ if( ssl->handshake->new_session_tickets_count == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
+ "been sent." ) );
return( SSL_NEW_SESSION_TICKET_SKIP );
}
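Review bot: The check `if( ssl->handshake->new_session_tickets_count == 0 )` compares a signed `int` counter for exact equality with zero, and the same test decides the state transition in the `@@ -3014` hunk. Nothing visible lets the counter go negative today, because the decrement in the `@@ -2642` hunk appears to be reached only after this function declines to skip. If a later change did break that ordering, a negative value would pass both checks and the server would keep emitting NewSessionTicket messages. Making both comparisons `<= 0` costs nothing and fails closed: `if( ssl->handshake->new_session_tickets_count <= 0 )`. The function body continues outside the hunk.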
@@ -2642,9 +2655,9 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
if( ssl->handshake->resume == 1 )
- ssl->handshake->tls13_session_tickets = 0;
+ ssl->handshake->new_session_tickets_count = 0;
else
- ssl->handshake->tls13_session_tickets--;
+ ssl->handshake->new_session_tickets_count--;
#if defined(MBEDTLS_HAVE_TIME)
session->start = mbedtls_time( NULL );
#endif
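Review bot: The `ssl->handshake->resume == 1` branch sets `new_session_tickets_count` to 0 with no comment explaining why, so a resumed handshake appears to produce exactly one ticket regardless of the configured count. If that is the intent, state it at the branch so a later reader does not "fix" it into a decrement: `/* On resumption issue a single ticket, whatever the configured count. */`. Bracing both arms of the `if`/`else` would also make the two assignments harder to misedit. The enclosing function starts and ends outside the hunk.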
@@ -2890,12 +2903,6 @@
/* start state */
case MBEDTLS_SSL_HELLO_REQUEST:
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl->handshake->tls13_session_tickets =
- ssl->conf->new_session_tickets ?
- ssl->conf->new_session_tickets :
- MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS;
-#endif
ret = 0;
break;
@@ -3014,7 +3021,7 @@
*/
ret = 0;
- if( ssl->handshake->tls13_session_tickets == 0 )
+ if( ssl->handshake->new_session_tickets_count == 0 )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );