tls13: add helpers to check if psk[_ephemeral] allowed by ticket
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 9444c29..b468c6c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2785,6 +2785,20 @@
return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0;
}
+static inline unsigned int mbedtls_ssl_session_ticket_allow_psk(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION);
+}
+
+static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION);
+}
+
static inline void mbedtls_ssl_session_set_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 08ed55c..49324d8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -121,7 +121,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ticket_buffer;
- unsigned int ticket_flags;
unsigned int key_exchanges;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t now;
@@ -179,15 +178,13 @@
*/
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
- ticket_flags = mbedtls_ssl_session_get_ticket_flags(
- session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
key_exchanges = 0;
- if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) &&
+ if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) &&
ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
- if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) &&
+ if (mbedtls_ssl_session_ticket_allow_psk(session) &&
ssl_tls13_check_psk_key_exchange(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}