From 1ad7ace6b7d551a28ddf3b0406b248f2891606a2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 9 Aug 2022 13:28:39 +0800 Subject: [PATCH 1/9] Add conf new session tickets Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 8 +++++++ include/mbedtls/ssl.h | 36 ++++++++++++++++++++++++++++---- library/ssl_tls.c | 13 ++++++++++++ 3 files changed, 53 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 687c5ef0ee..eea7f09808 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1578,6 +1578,14 @@ */ #define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 +/** + * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS + * + * Default number of NewSessionTicket. This is not used in TLS 1.2. + * + */ +#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 + /** * \def MBEDTLS_SSL_PROTO_DTLS * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1e0220a6ac..0f008ea3e9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1329,9 +1329,17 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_RENEGOTIATION) uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */ #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_CLI_C) + uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */ #endif + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) + uint16_t MBEDTLS_PRIVATE(new_session_tickets); /*!< number of NewSessionTicket */ +#endif + #if defined(MBEDTLS_SSL_SRV_C) uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in Certificate Request messages? */ 
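Review bot: `MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS` is added to mbedtls_config.h with no fallback or range check visible in this series, while `mbedtls_ssl_config_defaults()` in library/ssl_tls.c passes it straight to a `uint16_t` parameter. As far as these hunks show, a custom configuration file that does not define the macro would fail to compile, and a value above 65535 would be narrowed silently. Consider a guarded default next to the other SSL defaults (`#if !defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)` / `#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1` / `#endif`) and a compile-time bound check. The Doxygen block should also state what a value of 0 means.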
@@ -4109,7 +4117,8 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ); #endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_CLI_C) /** * \brief Enable / Disable session tickets (client only). * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.) @@ -4121,7 +4130,26 @@ void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ); * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) */ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_CLI_C */ + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) +/** + * \brief Number of NewSessionTicket message that sent by server. + * (Default: MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS) + * + * + * \param conf SSL configuration + * \param num_tickets Number of NewSessionTicket. + * + */ +void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf, + uint16_t num_tickets ); +#endif /* MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3*/ #if defined(MBEDTLS_SSL_RENEGOTIATION) /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index af65e6d866..065b354d09 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2611,6 +2611,15 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets #endif #if defined(MBEDTLS_SSL_SRV_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf, + uint16_t num_tickets ) +{ + conf->new_session_tickets = num_tickets; +} +#endif + void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, mbedtls_ssl_ticket_write_t *f_ticket_write, mbedtls_ssl_ticket_parse_t *f_ticket_parse, @@ -4644,6 +4653,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_SRV_C) + mbedtls_ssl_conf_new_session_tickets( + conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS ); +#endif /* * Allow all TLS 1.3 key exchange modes by default. */ From d4e7500a07ef25f1d2188322566125d9699b734c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 9 Aug 2022 13:33:50 +0800 Subject: [PATCH 2/9] Enable multi session tickets on Server Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 +++ library/ssl_tls13_server.c | 19 +++++++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0b3ba90f74..2621d20055 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -624,6 +624,9 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + int tls13_session_tickets; /*!< number of session tickets */ +#endif #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e185dc118c..780740897f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -2617,7 +2617,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl ) { /* Check whether the use of session tickets is enabled */ - if( ssl->conf->f_ticket_write == NULL ) + if( ssl->conf->f_ticket_write == NULL || + ssl->handshake->tls13_session_tickets == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) ); return( SSL_NEW_SESSION_TICKET_SKIP ); @@ -2640,6 +2641,10 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) ); + if( ssl->handshake->resume == 1 ) + ssl->handshake->tls13_session_tickets = 0; + else + ssl->handshake->tls13_session_tickets--; #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time( NULL ); #endif @@ -2885,6 +2890,12 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) /* start state */ case MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) + ssl->handshake->tls13_session_tickets = + ssl->conf->new_session_tickets ? + ssl->conf->new_session_tickets : + MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS; +#endif ret = 0; break; @@ -3002,7 +3013,11 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) * as part of ssl_prepare_handshake_step. */ ret = 0; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + + if( ssl->handshake->tls13_session_tickets == 0 ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET ); break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ From 7a5130547893d7bf0d57af2dba1b5a74b4c2aaeb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 9 Aug 2022 13:34:21 +0800 Subject: [PATCH 3/9] Add multi-session tickets test 
Signed-off-by: Jerry Yu --- programs/ssl/ssl_client2.c | 9 ++++++--- programs/ssl/ssl_server2.c | 8 +++++--- tests/ssl-opt.sh | 26 ++++++++++++++++++++++---- 3 files changed, 33 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 050d51872b..3550c67bbf 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1139,7 +1139,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "tickets" ) == 0 ) { opt.tickets = atoi( q ); - if( opt.tickets < 0 || opt.tickets > 2 ) + if( opt.tickets < 0 ) goto usage; } else if( strcmp( p, "alpn" ) == 0 ) @@ -2668,6 +2668,9 @@ send_request: */ if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) + int ticket_id = 0; +#endif do { len = sizeof( buf ) - 1; @@ -2715,7 +2718,8 @@ send_request: case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: /* We were waiting for application data but got * a NewSessionTicket instead. */ - mbedtls_printf( " got new session ticket.\n" ); + mbedtls_printf( " got new session ticket ( %d ).\n", + ticket_id++ ); if( opt.reconnect != 0 ) { mbedtls_printf(" . Saving session for reuse..." ); @@ -2749,7 +2753,6 @@ send_request: (unsigned) session_data_len ); } } - continue; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a1b29786d5..ff63fdd05c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1997,7 +1997,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "tickets" ) == 0 ) { opt.tickets = atoi( q ); - if( opt.tickets < 0 || opt.tickets > 1 ) + if( opt.tickets < 0 ) goto usage; } else if( strcmp( p, "ticket_rotate" ) == 0 ) 
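Review bot: Reducing the check to `if( opt.tickets < 0 )` in ssl_server2.c (and the same edit in ssl_client2.c at -1139) accepts any non-negative `int` from `atoi`, but the later ssl_server2.c hunk passes it to `mbedtls_ssl_conf_new_session_tickets( &conf, opt.tickets )`, whose parameter is `uint16_t`. A value such as 65536 is narrowed to 0, so the ticket context is set up by the `opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED` branch while the configured count is not what the user asked for. I would keep a bound that matches the API, `if( opt.tickets < 0 || opt.tickets > UINT16_MAX ) goto usage;`, and leave the client's original `> 2` bound in place unless the client has a use for larger values. `main` continues outside these hunks, so the usage text for `tickets=` may need the same update.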
@@ -2915,7 +2915,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED ) + if( opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) { if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx, rng_get, &rng, @@ -2930,7 +2930,9 @@ int main( int argc, char *argv[] ) mbedtls_ssl_ticket_write, mbedtls_ssl_ticket_parse, &ticket_ctx ); - +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_ssl_conf_new_session_tickets( &conf, opt.tickets ); +#endif /* exercise manual ticket rotation (not required for typical use) * (used for external synchronization of session ticket encryption keys) */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 84bcd3c095..f51d945519 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -12781,14 +12781,32 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ -c "HTTP/1.0 200 OK" \ -s "This is a resumed session" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +# https://github.com/openssl/openssl/issues/10714 +# Until now, OpenSSL client does not support reconnect. +skip_next_test +run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ + 0 \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" + requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE -V -r" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ + "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ 0 \ -c "Connecting again- trying to resume previous session" \ -c "NEW SESSION TICKET (4) was received" \ 
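Review bot: The G->m case now starts the server with `tickets=4`, but its assertions are the unchanged context lines, so it would pass just as well if only one ticket were sent. The `(4)` in `NEW SESSION TICKET (4) was received` looks like the handshake message type rather than a ticket count. The new O->m case is disabled by `skip_next_test`, which leaves `-c "got new session ticket ( 3 )"` in the m->m hunk as the only check on the count. If not covered elsewhere in ssl-opt.sh, consider adding a case that asserts a resumed connection receives exactly one ticket, and one that asserts no `=> write NewSessionTicket msg` appears when the count is 0, since the server code in this series treats both cases specially.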
@@ -12805,11 +12823,11 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Protocol is TLSv1.3" \ - -c "got new session ticket." \ + -c "got new session ticket ( 3 )" \ -c "Saving session for reuse... ok" \ -c "Reconnecting with saved session" \ -c "HTTP/1.0 200 OK" \ From d0766eca58b2a53031e4d51ee32fb394309b9c25 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 22 Sep 2022 10:46:57 +0800 Subject: [PATCH 4/9] fix various issues - Improve comments - Align count variable name to `new_session_tickets_count` - move tickets_count init to handshake init Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 6 +++--- library/ssl_misc.h | 2 +- library/ssl_tls.c | 14 +++++++++++--- library/ssl_tls13_server.c | 31 +++++++++++++++++++------------ 4 files changed, 34 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0f008ea3e9..1d5f4281fd 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1337,7 +1337,7 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint16_t MBEDTLS_PRIVATE(new_session_tickets); /*!< number of NewSessionTicket */ + uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */ #endif #if defined(MBEDTLS_SSL_SRV_C) 
@@ -4137,10 +4137,10 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_3) /** - * \brief Number of NewSessionTicket message that sent by server. + * \brief Number of NewSessionTicket messages for the server to send + * after handshake completion. * (Default: MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS) * - * * \param conf SSL configuration * \param num_tickets Number of NewSessionTicket. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2621d20055..7e060d3348 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -625,7 +625,7 @@ struct mbedtls_ssl_handshake_params uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - int tls13_session_tickets; /*!< number of session tickets */ + int new_session_tickets_count; /*!< number of session tickets */ #endif #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 065b354d09..de6bae2833 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -674,6 +674,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) mbedtls_pk_init( &handshake->peer_pubkey ); #endif + } void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) @@ -763,6 +764,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) mbedtls_ssl_transform_init( ssl->transform_negotiate ); ssl_handshake_params_init( ssl->handshake ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) + ssl->handshake->new_session_tickets_count = + ssl->conf->new_session_tickets_count ; +#endif + #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { 
@@ -2612,11 +2620,11 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets #if defined(MBEDTLS_SSL_SRV_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf, uint16_t num_tickets ) { - conf->new_session_tickets = num_tickets; + conf->new_session_tickets_count = num_tickets; } #endif @@ -4653,7 +4661,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_conf_new_session_tickets( conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS ); #endif diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 780740897f..40ac476673 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2617,10 +2617,23 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl ) { /* Check whether the use of session tickets is enabled */ - if( ssl->conf->f_ticket_write == NULL || - ssl->handshake->tls13_session_tickets == 0 ) + if( ssl->conf->f_ticket_write == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled," + " callback is not set" ) ); + return( SSL_NEW_SESSION_TICKET_SKIP ); + } + if( ssl->conf->new_session_tickets_count == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled," + " configured count is zero" ) ); + return( SSL_NEW_SESSION_TICKET_SKIP ); + } + + if( ssl->handshake->new_session_tickets_count == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have " + "been sent." ) ); return( SSL_NEW_SESSION_TICKET_SKIP ); } 
@@ -2642,9 +2655,9 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) ); if( ssl->handshake->resume == 1 ) - ssl->handshake->tls13_session_tickets = 0; + ssl->handshake->new_session_tickets_count = 0; else - ssl->handshake->tls13_session_tickets--; + ssl->handshake->new_session_tickets_count--; #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time( NULL ); #endif @@ -2890,12 +2903,6 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) /* start state */ case MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl->handshake->tls13_session_tickets = - ssl->conf->new_session_tickets ? - ssl->conf->new_session_tickets : - MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS; -#endif ret = 0; break; @@ -3014,7 +3021,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) */ ret = 0; - if( ssl->handshake->tls13_session_tickets == 0 ) + if( ssl->handshake->new_session_tickets_count == 0 ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET ); From b7e3fa7fbdd573f3f7f633da297a561eadac0fc5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 22 Sep 2022 11:07:18 +0800 Subject: [PATCH 5/9] move count decrement after success sent Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 40ac476673..e1e52cb457 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -2654,10 +2654,6 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) ); - if( ssl->handshake->resume == 1 ) - ssl->handshake->new_session_tickets_count = 0; - else - ssl->handshake->new_session_tickets_count--; #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time( NULL ); #endif @@ -2870,6 +2866,8 @@ static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len ) ); + ssl->handshake->new_session_tickets_count--; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH ); } From f3bdf9dd5125113d490fbcb3795d530f6979d08e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 22 Sep 2022 23:30:49 +0800 Subject: [PATCH 6/9] fix various issues - improve document about configuration item. - format issue - variable type issue. Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 4 +++- library/ssl_misc.h | 2 +- library/ssl_tls.c | 1 - 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index eea7f09808..3df16777b0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1581,7 +1581,9 @@ /** * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS * - * Default number of NewSessionTicket. This is not used in TLS 1.2. + * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server + * after handshake completion. This is not used in TLS 1.2 and relevant only if + * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. * */ #define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7e060d3348..e2546ffe97 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -625,7 +625,7 @@ struct mbedtls_ssl_handshake_params uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - int new_session_tickets_count; /*!< number of session tickets */ + uint16_t new_session_tickets_count; /*!< number of session tickets */ #endif #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index de6bae2833..c9aea4857b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -674,7 +674,6 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) mbedtls_pk_init( &handshake->peer_pubkey ); #endif - } void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) From 359e65f78467962af579d25f869c632df3048eb4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 22 Sep 2022 23:47:43 +0800 Subject: [PATCH 7/9] limit session ticket number when resumption Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e1e52cb457..667e596e5c 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2866,7 +2866,14 @@ static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len ) ); - ssl->handshake->new_session_tickets_count--; + /* Limit session tickets count to one when resumption connection. + * + * See document of mbedtls_ssl_conf_new_session_tickets. + */ + if( ssl->handshake->resume == 1 ) + ssl->handshake->new_session_tickets_count = 0; + else + ssl->handshake->new_session_tickets_count--; mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH ); From 40b4a0138811b621553a29cde82015f5801dec94 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 22 Sep 2022 23:48:38 +0800 Subject: [PATCH 8/9] Improve documents 
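Review bot: In the ssl_tls13_server.c hunk, the `else` branch runs `ssl->handshake->new_session_tickets_count--` on a field that the previous commit changed to `uint16_t`. The only protection against wrapping to 65535 is the zero check in `ssl_tls13_write_new_session_ticket_coordinate()`, which is outside this hunk. If this path were ever reached with a count of 0, the state machine would keep returning to MBEDTLS_SSL_NEW_SESSION_TICKET for that connection until the wrapped counter ran down. A local guard makes the invariant explicit: `else if( ssl->handshake->new_session_tickets_count > 0 )` before the decrement. The comment would also read better as "Limit the session ticket count to one for a resumed connection."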
Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1d5f4281fd..ce2594991c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4137,12 +4137,19 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_3) /** - * \brief Number of NewSessionTicket messages for the server to send - * after handshake completion. - * (Default: MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS) +* \brief Number of NewSessionTicket messages for the server to send + * after handshake completion. + * \note The default value is + * MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS. + * \note In case of a session resumption, this setting only partially + * apply. At most one ticket is sent in that case to just review the + * pool of tickets of the client. The rationale is to avoid the + * number of tickets on the server to become rapidly out of + * control when the server has the same configuration for all its + * connection instances. * - * \param conf SSL configuration - * \param num_tickets Number of NewSessionTicket. + * \param conf SSL configuration + * \param num_tickets Number of NewSessionTicket. * */ void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf, From ba627bfd0d76dd91751cf178948953a149d4834d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 23 Sep 2022 09:58:22 +0800 Subject: [PATCH 9/9] improve document about session tickets Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ce2594991c..0517e37ac5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -4137,16 +4137,17 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
 defined(MBEDTLS_SSL_SRV_C) && \
 defined(MBEDTLS_SSL_PROTO_TLS1_3)
 /**
-* \brief Number of NewSessionTicket messages for the server to send
- * after handshake completion.
+ * \brief Number of NewSessionTicket messages for the server to send
+ * after handshake completion.
+ *
 * \note The default value is
- * MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
- * \note In case of a session resumption, this setting only partially
- * apply. At most one ticket is sent in that case to just review the
- * pool of tickets of the client. The rationale is to avoid the
- * number of tickets on the server to become rapidly out of
- * control when the server has the same configuration for all its
- * connection instances.
+ * \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+ *
+ * \note In case of a session resumption, this setting only partially apply.
+ * At most one ticket is sent in that case to just renew the pool of
+ * tickets of the client. The rationale is to avoid the number of
+ * tickets on the server to become rapidly out of control when the
+ * server has the same configuration for all its connection instances.
 *
 * \param conf SSL configuration
 * \param num_tickets Number of NewSessionTicket.
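Review bot: The final Doxygen block for `mbedtls_ssl_conf_new_session_tickets()` still does not say what `num_tickets == 0` does, although the coordinate function changed in patch 4 skips NewSessionTicket entirely when the configured count is zero. I would add `\note Setting \p num_tickets to 0 disables the sending of NewSessionTicket messages.` It is also worth stating that the value multiplies the tickets issued per full handshake, so operators know that large values raise per-connection server work. Wording: "this setting only partially apply" should read "only partially applies".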