From 9f44c883f4d4970221ae711ae1f7b597768435d9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 Aug 2024 16:44:10 +0200 Subject: [PATCH] Rename some "new_session_tickets" symbols Signed-off-by: Ronald Cron --- ChangeLog.d/disable-new-session-tickets.txt | 7 ++++--- include/mbedtls/ssl.h | 18 +++++++++--------- library/ssl_misc.h | 6 +++--- library/ssl_msg.c | 4 ++-- library/ssl_tls.c | 9 +++++---- programs/ssl/ssl_client2.c | 5 +++-- tests/src/test_helpers/ssl_helpers.c | 4 ++-- 7 files changed, 28 insertions(+), 25 deletions(-) diff --git a/ChangeLog.d/disable-new-session-tickets.txt b/ChangeLog.d/disable-new-session-tickets.txt index 1fd112ff15..bb13b4b2b4 100644 --- a/ChangeLog.d/disable-new-session-tickets.txt +++ b/ChangeLog.d/disable-new-session-tickets.txt @@ -1,8 +1,9 @@ Bugfix * Fix TLS connection failure in applications using an Mbed TLS client in the default configuration connecting to a TLS 1.3 server sending tickets. - See the documentation of mbedtls_ssl_conf_enable_new_session_tickets() - for more information. + See the documentation of + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more + information. Fixes #8749. Changes @@ -10,4 +11,4 @@ Changes disabled at runtime. Applications that were using TLS 1.3 tickets signalled by MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return values now need to enable the handling of TLS 1.3 tickets through the new - mbedtls_ssl_conf_enable_new_session_tickets() API. + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() API. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8ba7ef8f17..afd4129d7a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -321,8 +321,8 @@ #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 -#define MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED 0 -#define MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED 1 +#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED 0 +#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED 1 #define MBEDTLS_SSL_PRESET_DEFAULT 0 #define MBEDTLS_SSL_PRESET_SUITEB 2 @@ -4508,12 +4508,12 @@ void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) * fatal error code are then failing. * * \param conf SSL configuration - * \param use_new_session_tickets Enable or disable - * (MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED or - * MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED) + * \param signal_new_session_tickets Enable or disable + * (MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED or + * MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED) */ -void mbedtls_ssl_conf_enable_new_session_tickets(mbedtls_ssl_config *conf, - int use_new_session_tickets); +void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + mbedtls_ssl_config *conf, int signal_new_session_tickets); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -5093,8 +5093,8 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * This error code can be returned only on client side if and * only if handling of TLS 1.3 NewSessionTicket messages has * been enabled through the - * mbedtls_ssl_conf_enable_new_session_tickets() API. A TLS 1.3 - * NewSessionTicket message has been received and parsed + * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() API. + * A TLS 1.3 NewSessionTicket message has been received and parsed * successfully by the client. Ticket data is available in the * SSL context and remain available as long as the client will * not receive a new NewSessionTicket message. Ticket data may 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 10cb68456d..1e4c42c634 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2955,12 +2955,12 @@ static inline int mbedtls_ssl_conf_get_session_tickets( } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_conf_is_new_session_tickets_enabled( +static inline int mbedtls_ssl_conf_is_signal_new_session_tickets_enabled( const mbedtls_ssl_config *conf) { return conf->session_tickets & MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK ? - MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED : - MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED; + MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED : + MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f7c12a85dc..ef722d7bdc 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5595,8 +5595,8 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) if (ssl_tls13_is_new_session_ticket(ssl)) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received")); - if (mbedtls_ssl_conf_is_new_session_tickets_enabled(ssl->conf) == - MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED) { + if (mbedtls_ssl_conf_is_signal_new_session_tickets_enabled(ssl->conf) == + MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED) { ssl->keep_current_message = 1; mbedtls_ssl_handshake_set_state(ssl, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe1a1efa99..07eee6bebb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
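Review bot: In library/ssl_misc.h the renamed getter `mbedtls_ssl_conf_is_signal_new_session_tickets_enabled()` drops the `tls13` qualifier that the setter `mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()` and the `MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_*` constants carry after this commit. The getter sits under `MBEDTLS_SSL_PROTO_TLS1_3` and tests only `MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK`, so `mbedtls_ssl_conf_tls13_is_signal_new_session_tickets_enabled()` would describe it more exactly and keep the pair greppable together. The call in `ssl_tls13_handle_hs_message_post_handshake()` in library/ssl_msg.c would change with it; that function's body continues outside the hunk.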
@@ -3018,11 +3018,11 @@ void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -void mbedtls_ssl_conf_enable_new_session_tickets(mbedtls_ssl_config *conf, - int use_new_session_tickets) +void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + mbedtls_ssl_config *conf, int signal_new_session_tickets) { conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK; - conf->session_tickets |= (use_new_session_tickets != 0) << + conf->session_tickets |= (signal_new_session_tickets != 0) << MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -5893,7 +5893,8 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_conf_session_tickets(conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_enable_new_session_tickets(conf, MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED); + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + conf, MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED); #endif #endif } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 7029e2677a..7a48ab82f8 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -82,7 +82,7 @@ int main(void) #define DFL_CID_VALUE_RENEGO NULL #define DFL_RECONNECT_HARD 0 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED -#define DFL_NEW_SESSION_TICKETS MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED +#define DFL_NEW_SESSION_TICKETS MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED #define DFL_ALPN_STRING NULL #define DFL_GROUPS NULL #define DFL_SIG_ALGS NULL 
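Review bot: In programs/ssl/ssl_client2.c, `DFL_NEW_SESSION_TICKETS` expands to `MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED`, while `mbedtls_ssl_config_defaults()` in library/ssl_tls.c sets the `_DISABLED` value, and nothing at the define says the sample deliberately departs from the library default. A short comment above the define would help readers who use the sample as a template, for example `/* Unlike the library default, opt in to MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET signalling; callers must handle that return value. */`. The macro and the `opt.new_session_tickets` field passed in the later ssl_client2.c hunk also keep the pre-rename wording, so a follow-up rename to a `signal` form would match the API they feed.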
@@ -1946,7 +1946,8 @@ usage: #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_conf_session_tickets(&conf, opt.tickets); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_enable_new_session_tickets(&conf, opt.new_session_tickets); + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + &conf, opt.new_session_tickets); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index b0fe2bdf1e..3cb6175b98 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2543,8 +2543,8 @@ int mbedtls_test_get_tls13_ticket( server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); - mbedtls_ssl_conf_enable_new_session_tickets( - &client_ep.conf, MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED); + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + &client_ep.conf, MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, mbedtls_test_ticket_write,