fix various issues

- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-09-22 10:46:57 +08:00
parent 7a51305478
commit d0766eca58
4 changed files with 34 additions and 19 deletions

View file

@ -1337,7 +1337,7 @@ struct mbedtls_ssl_config
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t MBEDTLS_PRIVATE(new_session_tickets); /*!< number of NewSessionTicket */
uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
@ -4137,10 +4137,10 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Number of NewSessionTicket message that sent by server.
* \brief Number of NewSessionTicket messages for the server to send
* after handshake completion.
* (Default: MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
*
*
* \param conf SSL configuration
* \param num_tickets Number of NewSessionTicket.
*

View file

@ -625,7 +625,7 @@ struct mbedtls_ssl_handshake_params
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int tls13_session_tickets; /*!< number of session tickets */
int new_session_tickets_count; /*!< number of session tickets */
#endif
#endif /* MBEDTLS_SSL_SRV_C */

View file

@ -674,6 +674,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_pk_init( &handshake->peer_pubkey );
#endif
}
void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
@ -763,6 +764,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_SSL_SESSION_TICKETS)
ssl->handshake->new_session_tickets_count =
ssl->conf->new_session_tickets_count ;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
@ -2612,11 +2620,11 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
#if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
uint16_t num_tickets )
{
conf->new_session_tickets = num_tickets;
conf->new_session_tickets_count = num_tickets;
}
#endif
@ -4653,7 +4661,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_conf_new_session_tickets(
conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
#endif

View file

@ -2617,10 +2617,23 @@ MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
{
/* Check whether the use of session tickets is enabled */
if( ssl->conf->f_ticket_write == NULL ||
ssl->handshake->tls13_session_tickets == 0 )
if( ssl->conf->f_ticket_write == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
" callback is not set" ) );
return( SSL_NEW_SESSION_TICKET_SKIP );
}
if( ssl->conf->new_session_tickets_count == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
" configured count is zero" ) );
return( SSL_NEW_SESSION_TICKET_SKIP );
}
if( ssl->handshake->new_session_tickets_count == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
"been sent." ) );
return( SSL_NEW_SESSION_TICKET_SKIP );
}
@ -2642,9 +2655,9 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
if( ssl->handshake->resume == 1 )
ssl->handshake->tls13_session_tickets = 0;
ssl->handshake->new_session_tickets_count = 0;
else
ssl->handshake->tls13_session_tickets--;
ssl->handshake->new_session_tickets_count--;
#if defined(MBEDTLS_HAVE_TIME)
session->start = mbedtls_time( NULL );
#endif
@ -2890,12 +2903,6 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
/* start state */
case MBEDTLS_SSL_HELLO_REQUEST:
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
ssl->handshake->tls13_session_tickets =
ssl->conf->new_session_tickets ?
ssl->conf->new_session_tickets :
MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS;
#endif
ret = 0;
break;
@ -3014,7 +3021,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
*/
ret = 0;
if( ssl->handshake->tls13_session_tickets == 0 )
if( ssl->handshake->new_session_tickets_count == 0 )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );