lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Do not add a new field in the SSL config

Browse Source 
We cannot add a new field in SSL config in
an LTS. Use `session_tickets` field instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2024-08-28 07:45:57 +02:00
parent 57ad182644
commit d67f801c63
6 changed files with 70 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_msg.c
View File

@ -5595,8 +5595,8 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
if (ssl_tls13_is_new_session_ticket(ssl)) {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
if (ssl->conf->new_session_tickets_enabled ==
MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_ENABLED) {
if (mbedtls_ssl_conf_is_new_session_tickets_enabled(ssl->conf) ==
MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED) {
ssl->keep_current_message = 1;
mbedtls_ssl_handshake_set_state(ssl,

38
library/ssl_tls.c
View File

@ -3009,15 +3009,43 @@ void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_SSL_CLI_C)
#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT 0
#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT 1
#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK \
(1 << MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT)
#define MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK \
(1 << MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT)
void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
{
conf->session_tickets = use_tickets;
conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK;
conf->session_tickets |= (use_tickets != 0) <<
MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_BIT;
}
int mbedtls_ssl_conf_get_session_tickets(const mbedtls_ssl_config *conf)
{
return conf->session_tickets & MBEDTLS_SSL_SESSION_TICKETS_TLS1_2_MASK ?
MBEDTLS_SSL_SESSION_TICKETS_ENABLED :
MBEDTLS_SSL_SESSION_TICKETS_DISABLED;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
void mbedtls_ssl_conf_enable_new_session_tickets(mbedtls_ssl_config *conf,
int new_session_tickets_enabled)
int use_new_session_tickets)
{
conf->new_session_tickets_enabled = new_session_tickets_enabled;
conf->session_tickets &= ~MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK;
conf->session_tickets |= (use_new_session_tickets != 0) <<
MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_BIT;
}
int mbedtls_ssl_conf_is_new_session_tickets_enabled(const mbedtls_ssl_config *conf)
{
return conf->session_tickets & MBEDTLS_SSL_SESSION_TICKETS_TLS1_3_MASK ?
MBEDTLS_SSL_NEW_SESSION_TICKETS_ENABLED :
MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_CLI_C */
@ -5885,9 +5913,9 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
mbedtls_ssl_conf_session_tickets(conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->new_session_tickets_enabled = MBEDTLS_SSL_ENABLE_NEW_SESSION_TICKETS_DISABLED;
mbedtls_ssl_conf_enable_new_session_tickets(conf, MBEDTLS_SSL_NEW_SESSION_TICKETS_DISABLED);
#endif
#endif
}

6
library/ssl_tls12_client.c
View File

@ -364,7 +364,8 @@ static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl,
*olen = 0;
if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) {
if (mbedtls_ssl_conf_get_session_tickets(ssl->conf) ==
MBEDTLS_SSL_SESSION_TICKETS_DISABLED) {
return 0;
}
@ -787,7 +788,8 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len)
{
if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
if ((mbedtls_ssl_conf_get_session_tickets(ssl->conf) ==
MBEDTLS_SSL_SESSION_TICKETS_DISABLED) ||
len != 0) {
MBEDTLS_SSL_DEBUG_MSG(1,
("non-matching session ticket extension"));