remove new_session_ticket

Signed-off-by: Jerry Yu <[email protected]>
hannestschofenig · Dec 1, 2022 · ab189df · ab189df
1 parent 150d105
commit ab189df
Show file tree

Hide file tree

Showing 9 changed files with 21 additions and 45 deletions.
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
@@ -126,11 +126,7 @@
 #endif
 
 /* Quick fix for prototype
- * TODO: Remove MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED after early data integrate.
  */
-#if defined(MBEDTLS_SSL_SESSIONT_TICKETS) && !defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
-#define MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED
-#endif
 
 #if defined(MBEDTLS_ZERO_RTT) && !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
 #undef MBEDTLS_ZERO_RTT

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
@@ -1576,22 +1576,6 @@
 */
 //#define MBEDTLS_ZERO_RTT
 
-/*
-* \def MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED
-*
-* Enable support for TLS 1.3 session tickets.
-* Client-side, provides full support for session tickets (maintainance of a
-* session store remains the responsibility of the application, though).
-* Server-side, you also need to provide callbacks for writing and parsing
-* tickets, including authenticated encryption and key management. Example
-* callbacks are provided by MBEDTLS_SSL_TICKET_C.
-*
-* Comment this macro to
-*  - be able to issue tickets by TLS 1.3 servers, and
-*  - use them in TLS 1.3 clients.
-*/
-//#define MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED
-
 /**
  * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
  *

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
@@ -1247,15 +1247,15 @@ struct mbedtls_ssl_session
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
     uint32_t MBEDTLS_PRIVATE(verify_result);          /*!<  verification result     */
 
-#if ( defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) ) || defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
     unsigned char *MBEDTLS_PRIVATE(ticket);      /*!< RFC 5077 session ticket */
     size_t MBEDTLS_PRIVATE(ticket_len);          /*!< session ticket length   */
     uint32_t MBEDTLS_PRIVATE(ticket_lifetime);   /*!< ticket lifetime hint    */
-#endif /* ( MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C ) || MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
     uint32_t MBEDTLS_PRIVATE(max_early_data_size);   /*!< max data allowed */
-#endif /*  MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED */
+#endif /*  MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
     uint8_t MBEDTLS_PRIVATE(endpoint);          /*!< 0: client, 1: server */
@@ -1504,9 +1504,7 @@ struct mbedtls_ssl_config
     void *MBEDTLS_PRIVATE(p_cookie);                 /*!< context for the cookie callbacks   */
 #endif
 
-#if ((defined(MBEDTLS_SSL_SESSION_TICKETS) || \
-     (defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_3)) ) \
-    && defined(MBEDTLS_SSL_SRV_C))
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
     /** Callback to create & write a session ticket                         */
     int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
             unsigned char *, const unsigned char *, size_t *, uint32_t * );
@@ -2608,7 +2606,7 @@ typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
                                         unsigned char *buf,
                                         size_t len );
 
-#if (defined(MBEDTLS_SSL_SESSION_TICKETS) || defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)) && defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
 /**
  * \brief           Configure SSL session ticket callbacks (server only).
  *                  (Default: none.)
@@ -2627,7 +2625,7 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
         mbedtls_ssl_ticket_write_t *f_ticket_write,
         mbedtls_ssl_ticket_parse_t *f_ticket_parse,
         void *p_ticket );
-#endif /* ( MBEDTLS_SSL_SESSION_TICKETS || MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED ) && MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
 
 /**
  * \brief   Configure a key export callback.

diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
@@ -83,9 +83,9 @@ typedef struct
     unsigned char MBEDTLS_PRIVATE(active);           /*!< index of the currently active key  */
 
     uint32_t MBEDTLS_PRIVATE(ticket_lifetime);       /*!< lifetime of tickets in seconds     */
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     mbedtls_ssl_ticket_flags MBEDTLS_PRIVATE(flags); /*!< ticket flags                       */
-#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED && MBEDTLS_SSL_PROTO_TLS1_3  */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3  */
 
     /** Callback for getting (pseudo-)random numbers                        */
     int  (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
@@ -572,11 +572,9 @@ struct mbedtls_ssl_handshake_params
     uint8_t certificate_request_sent;
 #endif /* MBEDTLS_SSL_SRV_C */
 
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) || \
-    ( defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
     uint8_t new_session_ticket;         /*!< use NewSessionTicket?    */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS ||
-          ( MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED && MBEDTLS_SSL_PROTO_TLS1_3 ) */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_CLI_C)
     /** Minimum TLS version to be negotiated.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
@@ -1261,7 +1261,8 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
         goto error;
 
     /* Initialize ticket structure */
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED) && defined(MBEDTLS_SSL_CLI_C) && \
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+    defined(MBEDTLS_SSL_CLI_C) && \
     defined(MBEDTLS_SSL_PROTO_TLS1_3)
     ssl->session_negotiate->ticket = NULL;
 #endif

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
@@ -44,9 +44,9 @@
 
 #include "mbedtls/hkdf.h"
 
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
 #include "mbedtls/ssl_ticket.h"
-#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 
 
@@ -3861,10 +3861,10 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 
         case MBEDTLS_SSL_CLIENT_HELLO:
 
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
             ssl->session_negotiate->tls_version = ssl->tls_version;
             ssl->session_negotiate->endpoint = ssl->conf->endpoint;
-#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
             ret = ssl_tls13_process_client_hello( ssl );
             if( ret != 0 )

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
@@ -679,7 +679,7 @@ struct options
     int dummy_ticket;           /* enable / disable dummy ticket generator  */
     int ticket_rotate;          /* session ticket rotate (code coverage)    */
     int ticket_timeout;         /* session ticket lifetime                  */
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
     mbedtls_ssl_ticket_flags ticket_flags;   /* ticket flags                */
 #endif
     int ticket_aead;            /* session ticket protection                */
@@ -1728,9 +1728,9 @@ int main( int argc, char *argv[] )
     opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
     opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
     opt.psk                 = DFL_PSK;
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
     opt.ticket_flags        = DFL_TICKET_FLAGS;
-#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
     opt.early_data          = DFL_EARLY_DATA;
     opt.sig_algs            = DFL_SIG_ALGS;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2206,7 +2206,7 @@ int main( int argc, char *argv[] )
             if( opt.ticket_timeout < 0 )
                 goto usage;
         }
-#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
         else if( strcmp( p, "ticket_flags" ) == 0 )
         {
             mbedtls_ssl_ticket_flags temp = atoi( q );

diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
@@ -26,7 +26,6 @@
 #define MBEDTLS_SSL_PROTO_TLS1_3
 #define MBEDTLS_ZERO_RTT
 #define MBEDTLS_SSL_EARLY_DATA
-#define MBEDTLS_SSL_NEW_SESSION_TICKET_REMOVED
 
 /* Disable TLS 1.2 and 1.2-specific features */
 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC