Add session ticket related check when send early data
Signed-off-by: Xiaokang Qian <[email protected]>
xkqian committed Nov 3, 2022
1 parent eda8c87 commit 45ade6f
Showing 1 changed file with 11 additions and 1 deletion.
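--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -692,6 +692,16 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
 session != NULL && session->ticket != NULL );
 }
 
+static int ssl_tls13_early_data_ticket_verify( mbedtls_ssl_context *ssl )
+{
+mbedtls_ssl_session *session = ssl->session_negotiate;
+return( ssl->handshake->resume &&
+session != NULL && session->ticket != NULL &&
+session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+mbedtls_ssl_tls13_cipher_suite_is_offered(
+ssl, session->ciphersuite ) );
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
 psa_algorithm_t *hash_alg,
@@ -1156,7 +1166,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
 ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1 ||
-ssl_tls13_has_configured_ticket( ssl ) ) &&
+ssl_tls13_early_data_ticket_verify( ssl ) ) &&
 ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
 {
 ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );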
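Review bot: The new predicate `ssl_tls13_early_data_ticket_verify()` does not check that the ticket itself permits early data (the server's early_data indication in NewSessionTicket, RFC 8446 section 4.6.1) or that the ticket is still within its lifetime; the visible lines test only resumption, TLS version and whether the ciphersuite is offered. If those conditions are enforced elsewhere, the function should say so in a header comment, e.g. `/* Non-zero if the resumed TLS 1.3 ticket's ciphersuite is offered; early-data permission and ticket age are checked in <caller>. */`; otherwise they belong in this predicate, since early data is replayable and should be offered only when the ticket explicitly allows it. At the call site the static-PSK side of the `||` still enables the extension without any of these ticket checks; `mbedtls_ssl_tls13_write_client_hello_exts` starts and ends outside the hunk, so this may be handled in code not shown.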
