From 94a42ccb3e26554498c6e4a3e78c6822036fc931 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 10:04:17 +0800 Subject: [PATCH] Add tls13 in ticket flags helper function names ``` sed -i \ "s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \ library/*.[ch] ``` Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 28 ++++++++++++++-------------- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_server.c | 16 ++++++++-------- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 32bef110e5..71d1407614 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2769,7 +2769,7 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, #define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) -static inline unsigned int mbedtls_ssl_session_get_ticket_flags( +static inline unsigned int mbedtls_ssl_tls13_session_get_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { return session->ticket_flags & @@ -2782,40 +2782,40 @@ static inline unsigned int mbedtls_ssl_session_get_ticket_flags( * `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` to get all * permitted flags. */ -static inline int mbedtls_ssl_session_ticket_has_flags( +static inline int mbedtls_ssl_tls13_session_ticket_has_flags( mbedtls_ssl_session *session, unsigned int flags) { - return mbedtls_ssl_session_get_ticket_flags(session, flags) != 0; + return mbedtls_ssl_tls13_session_get_ticket_flags(session, flags) != 0; } -static inline int mbedtls_ssl_session_ticket_allow_psk( +static inline int mbedtls_ssl_tls13_session_ticket_allow_psk( mbedtls_ssl_session *session) { - return mbedtls_ssl_session_ticket_has_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); + return mbedtls_ssl_tls13_session_ticket_has_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); } -static inline int mbedtls_ssl_session_ticket_allow_psk_ephemeral( +static inline int mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral( mbedtls_ssl_session *session) { - return mbedtls_ssl_session_ticket_has_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); + return mbedtls_ssl_tls13_session_ticket_has_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); } -static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data( +static inline unsigned int mbedtls_ssl_tls13_session_ticket_allow_early_data( mbedtls_ssl_session *session) { - return !mbedtls_ssl_session_check_ticket_flags(session, - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + return mbedtls_ssl_tls13_session_ticket_has_flags( + session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } -static inline void mbedtls_ssl_session_set_ticket_flags( +static inline void mbedtls_ssl_tls13_session_set_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); } -static inline void mbedtls_ssl_session_clear_ticket_flags( +static inline void mbedtls_ssl_tls13_session_clear_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 82ebe7e60e..e418ee01bd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -685,7 +685,7 @@ static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) return ssl->handshake->resume && session != NULL && session->ticket != NULL && mbedtls_ssl_conf_tls13_is_kex_mode_enabled( - ssl, mbedtls_ssl_session_get_ticket_flags( + ssl, mbedtls_ssl_tls13_session_get_ticket_flags( session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); } @@ -695,7 +695,7 @@ static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return ssl->handshake->resume && session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - mbedtls_ssl_session_ticket_allow_early_data(session) && + mbedtls_ssl_tls13_session_ticket_allow_early_data(session) && mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); } #endif @@ -2685,7 +2685,7 @@ static int ssl_tls13_parse_new_session_ticket_early_data_ext( MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); MBEDTLS_SSL_DEBUG_MSG( 3, ("received max_early_data_size: %u", @@ -2836,7 +2836,7 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, session->ticket_len = ticket_len; /* Clear all flags in ticket_flags */ - mbedtls_ssl_session_clear_ticket_flags( + mbedtls_ssl_tls13_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); @@ -2923,7 +2923,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, session->resumption_key_len); /* Set ticket_flags depends on the selected key exchange modes */ - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, ssl->conf->tls13_kex_modes); MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e5e510ba3a..9f3b39897e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -175,11 +175,11 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); key_exchanges = 0; - if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) && + if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) && ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; } - if (mbedtls_ssl_session_ticket_allow_psk(session) && + if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) && ssl_tls13_key_exchange_is_psk_available(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; } @@ -1008,7 +1008,7 @@ static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->handshake->resume) { - if (!mbedtls_ssl_session_ticket_has_flags( + if (!mbedtls_ssl_tls13_session_ticket_has_flags( ssl->session_negotiate, kex_mode)) { return 0; } @@ -1845,7 +1845,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) } - if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) { + if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, early_data not allowed in ticket " @@ -3131,17 +3131,17 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, #endif /* Set ticket_flags depends on the advertised psk key exchange mode */ - mbedtls_ssl_session_clear_ticket_flags( + mbedtls_ssl_tls13_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, ssl->handshake->tls13_kex_modes); #endif #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && ssl->conf->max_early_data_size > 0) { - mbedtls_ssl_session_set_ticket_flags( + mbedtls_ssl_tls13_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3321,7 +3321,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_session_ticket_allow_early_data(session)) { + if (mbedtls_ssl_tls13_session_ticket_allow_early_data(session)) { size_t output_len; if ((ret = mbedtls_ssl_tls13_write_early_data_ext(