diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1ae441caa..8b1ed23d1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -820,12 +820,10 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-typedef enum
-{
- MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA = 1,
- MBEDTLS_SSL_TICKET_ALLOW_DHE_RESUMPTION = 2,
- MBEDTLS_SSL_TICKET_ALLOW_PSK_RESUMPTION = 4,
-} mbedtls_ssl_ticket_flags;
+typedef uint8_t mbedtls_ssl_tls13_ticket_flags;
+#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION ( 1u << 0 )
+#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION ( 1u << 2 )
+#define MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ( 1u << 3 )
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 /**
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 9efbbbcd2..4412f8e21 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -33,11 +33,6 @@ const char *mbedtls_ssl_states_str( mbedtls_ssl_states in );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-const char *mbedtls_ssl_ticket_flags_str( mbedtls_ssl_ticket_flags in );
-#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) &&
- defined(MBEDTLS_SSL_SESSION_TICKETS) */
-
 const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in );
 const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 4935fbf4e..aea7adab0 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
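Review bot: The new public macro `MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION` in include/mbedtls/ssl.h misspells INDICATION, and a typo in an installed header is hard to retract once applications use it; rename it here and at both uses in library/ssl_tls13_client.c (`ssl_tls13_early_data_has_valid_ticket` and `ssl_tls13_parse_new_session_ticket_exts`) to `MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDICATION`. The bit assignments also change meaning relative to the removed enum: 1 used to be ALLOW_EARLY_DATA and 4 ALLOW_PSK_RESUMPTION, whereas 1 is now PSK resumption and 4 PSK-ephemeral resumption. If `ticket_flags` is persisted through session save/load or carried inside issued tickets (not visible in this diff), data written by an older build would be granted different permissions than intended, so that path should reject or version-gate old state. Bit 1 is skipped without explanation and none of the flags is documented; a one-line comment per flag plus something like `/* bit 1 intentionally left unused */` (if that is the intent) would keep a later flag from being assigned there by accident.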
@@ -706,7 +706,8 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl ) mbedtls_ssl_session *session = ssl->session_negotiate; return( ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ( session->ticket_flags & MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA ) && + ( session->ticket_flags & + MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION ) && mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, session->ciphersuite ) ); } @@ -2552,7 +2553,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, if( ssl->session != NULL ) { ssl->session->ticket_flags |= - MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA; + MBEDTLS_SSL_TLS1_3_TICKET_HAS_EARLY_DATA_INDACTION; } break;