diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 57b1d6d528..b3d91125ad 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2720,20 +2720,20 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -static inline uint8_t mbedtls_ssl_tls13_session_get_ticket_flags( +static inline unsigned int mbedtls_ssl_session_get_ticket_flags( mbedtls_ssl_session *session, uint8_t flags) { return session->ticket_flags & (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); } -static inline void mbedtls_ssl_tls13_session_set_ticket_flags( +static inline void mbedtls_ssl_session_set_ticket_flags( mbedtls_ssl_session *session, uint8_t flags) { session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); } -static inline void mbedtls_ssl_tls13_session_clear_ticket_flags( +static inline void mbedtls_ssl_session_clear_ticket_flags( mbedtls_ssl_session *session, uint8_t flags) { session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 097505a215..a6b3c54147 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -677,9 +677,9 @@ static int ssl_tls13_has_compat_ticket_flags(mbedtls_ssl_context *ssl) mbedtls_ssl_session *session = ssl->session_negotiate; return session != NULL && mbedtls_ssl_conf_tls13_check_kex_modes(ssl, - mbedtls_ssl_tls13_session_get_ticket_flags( + mbedtls_ssl_session_get_ticket_flags( session, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL)); + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); } static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) 
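Review bot: In library/ssl_misc.h the getter `mbedtls_ssl_session_get_ticket_flags` now returns `unsigned int`, but its `flags` parameter and those of the set and clear helpers are still `uint8_t`, so any flag value above bit 7 would be silently truncated at the call boundary before the mask is applied. If the wider return type is meant to make room for more ticket flags, the parameters should be widened in the same change, e.g. `mbedtls_ssl_session *session, unsigned int flags)`, and so should the `ticket_flags` field if it is also 8 bits wide (its declaration is not visible here). The getter does not modify the session, so `const mbedtls_ssl_session *session` would document that. The helpers lose the `tls13` prefix yet stay inside the `MBEDTLS_SSL_PROTO_TLS1_3` guard and still apply `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK`; a one-line comment saying they are TLS 1.3 only would keep the shorter names from being misread.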
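Review bot: In `ssl_tls13_has_compat_ticket_flags` (library/ssl_tls13_client.c) the switch from `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL` to `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL` is a behaviour change sitting among pure renames. It appears to rely on the ticket flag bits sharing values with the key exchange mode bits, which nothing in the hunk states. The accessor additionally masks with `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK`, so the result depends on how the two masks overlap. I would add a comment above the call such as `/* Ticket flags reuse the KEY_EXCHANGE_MODE_PSK* bit values; only those bits decide resumption compatibility. */` and consider a compile-time assertion of that equality next to the flag definitions. The matching call in `ssl_tls13_offered_psks_check_identity_match_ticket` in library/ssl_tls13_server.c relies on the same assumption.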
@@ -2630,7 +2630,7 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, session->ticket_len = ticket_len; /* Clear all flags in ticket_flags */ - mbedtls_ssl_tls13_session_clear_ticket_flags( + mbedtls_ssl_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); @@ -2717,7 +2717,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, session->resumption_key_len); /* Set ticket_flags depends on the selected key exchange modes */ - mbedtls_ssl_tls13_session_set_ticket_flags( + mbedtls_ssl_session_set_ticket_flags( session, ssl->conf->tls13_kex_modes); MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, session->ticket_flags); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d5dbf82c6f..654a7da317 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -170,10 +170,12 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * We regard the ticket with incompatible key exchange modes as not match. */ ret = MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE; - MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, session->ticket_flags); + MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, + session->ticket_flags); if (mbedtls_ssl_tls13_check_kex_modes(ssl, - mbedtls_ssl_tls13_session_get_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL))) { + mbedtls_ssl_session_get_ticket_flags( + session, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) { MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); goto exit; } 
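Review bot: `ssl_tls13_postprocess_new_session_ticket` still passes the whole of `ssl->conf->tls13_kex_modes` to the setter, whose parameter is `uint8_t flags`, so the value is implicitly narrowed. Any non-PSK mode bit is dropped only if `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` happens to exclude it. Since the readers in this commit now select with `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL`, the writer could state the same intent explicitly: `session, ssl->conf->tls13_kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);`. The call in `ssl_tls13_prepare_new_session_ticket` (library/ssl_tls13_server.c, with `ssl->handshake->tls13_kex_modes`) has the same shape. Both functions extend beyond their hunks, so confirm that no earlier code already restricts the value.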
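Review bot: In `ssl_tls13_offered_psks_check_identity_match_ticket` a non-zero result from `mbedtls_ssl_tls13_check_kex_modes` leads to "No suitable key exchange mode" and `goto exit` with `MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE`. The similarly named `mbedtls_ssl_conf_tls13_check_kex_modes` in the client's `ssl_tls13_has_compat_ticket_flags` is instead returned directly as the positive answer. If the two helpers really have opposite polarity (their definitions are not part of this diff), this ticket-acceptance condition is easy to invert in a later edit. A comment on the `if` would make the sense explicit, for example `/* non-zero: none of the ticket's PSK modes is usable in this handshake */`. The function starts and ends outside the hunk.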
@@ -2632,10 +2634,10 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, #endif /* Set ticket_flags depends on the advertised psk key exchange mode */ - mbedtls_ssl_tls13_session_clear_ticket_flags( + mbedtls_ssl_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_ssl_tls13_session_set_ticket_flags( + mbedtls_ssl_session_set_ticket_flags( session, ssl->handshake->tls13_kex_modes); #endif MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, session->ticket_flags);