tls13: set key exchange mode in ticket_flags on client/server

Set the ticket_flags when: - server: preparing NST (new session ticket) message - client: postprocessing NST message Clear the ticket_flags when: - server: preparing NST message - client: parsing NST message Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2025-02-06 21:40:11 +00:00 · 2022-11-17 15:22:33 +08:00 · 2022-11-17 15:22:33 +08:00 · 9f92695c8d
commit 9f92695c8d
parent b7d50acb37
2 changed files with 16 additions and 0 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -2618,6 +2618,10 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl,
    session->ticket = ticket;
    session->ticket_len = ticket_len;

+    /* Clear all flags in ticket_flags */
+    mbedtls_ssl_tls13_session_clear_ticket_flags(session,
+                                                 MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+
    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
    p += 2;
@ -2701,6 +2705,11 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl,
                          session->resumption_key,
                          session->resumption_key_len);

+    /* Set ticket_flags depends on the selected key exchange modes */
+    mbedtls_ssl_tls13_session_set_ticket_flags(session,
+                                               ssl->conf->tls13_kex_modes);
+    MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, session->ticket_flags);
+
    return 0;
 }

--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -2604,6 +2604,13 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
    session->start = mbedtls_time(NULL);
 #endif

+    /* Set ticket_flags depends on the advertised psk key exchange mode */
+    mbedtls_ssl_tls13_session_clear_ticket_flags(session,
+                                                 MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+    mbedtls_ssl_tls13_session_set_ticket_flags(session,
+                                               ssl->handshake->tls13_kex_modes);
+    MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, session->ticket_flags);
+
    /* Generate ticket_age_add */
    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
                                (unsigned char *) &session->ticket_age_add,