Update dependencies & includes for session tickets

2015-05-20 09:55:50 +02:00 · 2015-05-20 09:55:50 +02:00 · 0c0f11f4b3
commit 0c0f11f4b3
parent d59675d92c
5 changed files with 12 additions and 13 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -425,10 +425,10 @@
 #error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
 #endif

-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TLS_C) && \
+#if defined(MBEDTLS_SSL_TICKET_C) && \
    ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) ||            \
      !defined(MBEDTLS_CIPHER_MODE_CBC) )
-#error "MBEDTLS_SSL_SESSION_TICKETS defined, but not all prerequisites"
+#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
 #endif

 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1109,10 +1109,11 @@
 * \def MBEDTLS_SSL_SESSION_TICKETS
 *
 * Enable support for RFC 5077 session tickets in SSL.
- *
- * Requires: MBEDTLS_AES_C
- *           MBEDTLS_SHA256_C
- *           MBEDTLS_CIPHER_MODE_CBC
+ * Client-side, provides full support for session tickets (maintainance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
 *
 * Comment this macro to disable support for SSL session tickets
 */
@ -2096,6 +2097,10 @@
 *
 * Module:  library/ssl_ticket.c
 * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_CIPHER_MODE_CBC
 */
 #define MBEDTLS_SSL_TICKET_C

--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -51,11 +51,6 @@
 #include "sha512.h"
 #endif

-// for session tickets
-#if defined(MBEDTLS_AES_C)
-#include "aes.h"
-#endif
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #include "x509_crt.h"
 #include "x509_crl.h"
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@ -25,6 +25,7 @@
 #define MBEDTLS_SSL_TICKET_H

 #include "ssl.h"
+#include "aes.h"

 #ifdef __cplusplus
 extern "C" {
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -50,8 +50,6 @@
 #endif

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#include "mbedtls/ssl_ticket.h"
-
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;