fix various issues

- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

include/mbedtls/ssl.h

@@ -1337,7 +1337,7 @@ struct mbedtls_ssl_config
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_SSL_SRV_C) && \
     defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    uint16_t MBEDTLS_PRIVATE(new_session_tickets);   /*!< number of NewSessionTicket */
+    uint16_t MBEDTLS_PRIVATE(new_session_tickets_count);   /*!< number of NewSessionTicket */
 #endif
 
 #if defined(MBEDTLS_SSL_SRV_C)
@@ -4137,10 +4137,10 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
     defined(MBEDTLS_SSL_SRV_C) && \
     defined(MBEDTLS_SSL_PROTO_TLS1_3)
 /**
- * \brief          Number of NewSessionTicket message that sent by server.
+ * \brief          Number of NewSessionTicket messages for the server to send
+ *                 after handshake completion.
  *                 (Default: MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
  *
- *
  * \param conf     SSL configuration
  * \param num_tickets   Number of NewSessionTicket.
  *

library/ssl_misc.h

@@ -625,7 +625,7 @@ struct mbedtls_ssl_handshake_params
     uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    int tls13_session_tickets;         /*!< number of session tickets */
+    int new_session_tickets_count;         /*!< number of session tickets */
 #endif
 #endif /* MBEDTLS_SSL_SRV_C */
 

library/ssl_tls.c

@@ -674,6 +674,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
     !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     mbedtls_pk_init( &handshake->peer_pubkey );
 #endif
+
 }
 
 void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
@@ -763,6 +764,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
     mbedtls_ssl_transform_init( ssl->transform_negotiate );
     ssl_handshake_params_init( ssl->handshake );
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+    defined(MBEDTLS_SSL_SRV_C) && \
+    defined(MBEDTLS_SSL_SESSION_TICKETS)
+    ssl->handshake->new_session_tickets_count =
+        ssl->conf->new_session_tickets_count ;
+#endif
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
     {
@@ -2612,11 +2620,11 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
 
 #if defined(MBEDTLS_SSL_SRV_C)
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
 void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
                                            uint16_t num_tickets )
 {
-    conf->new_session_tickets = num_tickets;
+    conf->new_session_tickets_count = num_tickets;
 }
 #endif
 
@@ -4653,7 +4661,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
     mbedtls_ssl_conf_new_session_tickets(
         conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
 #endif

library/ssl_tls13_server.c

@@ -2617,10 +2617,23 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
 {
     /* Check whether the use of session tickets is enabled */
-    if( ssl->conf->f_ticket_write == NULL ||
+    if( ssl->conf->f_ticket_write == NULL )
-        ssl->handshake->tls13_session_tickets == 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+                                        " callback is not set" ) );
+        return( SSL_NEW_SESSION_TICKET_SKIP );
+    }
+    if( ssl->conf->new_session_tickets_count == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+                                        " configured count is zero" ) );
+        return( SSL_NEW_SESSION_TICKET_SKIP );
+    }
+
+    if( ssl->handshake->new_session_tickets_count == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
+                                        "been sent." ) );
         return( SSL_NEW_SESSION_TICKET_SKIP );
     }
 
@@ -2642,9 +2655,9 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl,
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
 
     if( ssl->handshake->resume == 1 )
-        ssl->handshake->tls13_session_tickets = 0;
+        ssl->handshake->new_session_tickets_count = 0;
     else
-        ssl->handshake->tls13_session_tickets--;
+        ssl->handshake->new_session_tickets_count--;
 #if defined(MBEDTLS_HAVE_TIME)
     session->start = mbedtls_time( NULL );
 #endif
@@ -2890,12 +2903,6 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
         /* start state */
         case MBEDTLS_SSL_HELLO_REQUEST:
             mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-            ssl->handshake->tls13_session_tickets =
-                ssl->conf->new_session_tickets ?
-                    ssl->conf->new_session_tickets :
-                    MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS;
-#endif
             ret = 0;
             break;
 
@@ -3014,7 +3021,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
              */
             ret = 0;
 
-            if( ssl->handshake->tls13_session_tickets == 0 )
+            if( ssl->handshake->new_session_tickets_count == 0 )
                 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
             else
                 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );