Add code improvments and refactoring in dealing with ALPN

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-01-16 04:14:34 +00:00 · 2024-03-12 16:25:08 +00:00 · 2024-03-12 16:25:08 +00:00 · 5bc5263b2c
commit 5bc5263b2c
parent 7dfba34475
4 changed files with 11 additions and 10 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1305,7 +1305,8 @@ struct mbedtls_ssl_session {
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */

 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
-    char *ticket_alpn;                      /*!< ALPN negotiated in the session */
+    char *ticket_alpn;                      /*!< ALPN negotiated in the session
+                                                 during which the ticket was generated. */
 #endif

 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -2855,8 +2855,8 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session,
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) && \
    defined(MBEDTLS_SSL_ALPN)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_set_alpn(mbedtls_ssl_session *session,
-                                 const char *alpn);
+int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session,
+                                        const char *alpn);
 #endif

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -469,8 +469,7 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
    dst->max_early_data_size = src->max_early_data_size;

 #if defined(MBEDTLS_SSL_ALPN)
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ret = mbedtls_ssl_session_set_alpn(dst, src->ticket_alpn);
+    int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn);
    if (ret != 0) {
        return ret;
    }
@ -3146,9 +3145,11 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
    MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);

 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
-    ret = mbedtls_ssl_session_set_alpn(session, ssl->alpn_chosen);
-    if (ret != 0) {
-        return ret;
+    if (session->ticket_alpn == NULL) {
+        ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen);
+        if (ret != 0) {
+            return ret;
+        }
    }
 #endif

--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@ -1794,8 +1794,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
 #if defined(MBEDTLS_SSL_EARLY_DATA)
    session->max_early_data_size = 0x87654321;
 #if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ret = mbedtls_ssl_session_set_alpn(session, "ALPNExample");
+    int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample");
    if (ret != 0) {
        return -1;
    }