From 25476a48b9a414d99b4e6a5296be63b607d53455 Mon Sep 17 00:00:00 2001
From: XiaokangQian <xiaokang.qian@arm.com>
Date: Tue, 23 Nov 2021 14:01:21 +0000
Subject: [PATCH] Change code based on review

Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
---
 programs/ssl/ssl_client2.c |  4 ----
 tests/scripts/all.sh       | 14 --------------
 tests/ssl-opt.sh           | 13 +++----------
 3 files changed, 3 insertions(+), 28 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 401f078d9d..204b9754aa 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1534,12 +1534,10 @@ int main( int argc, char *argv[] )
             {
                 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
             }
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
             else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 )
             {
                 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
             }
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
             else
             {
                 mbedtls_printf( "unknown signature algorithm %s\n", q );
@@ -1547,9 +1545,7 @@ int main( int argc, char *argv[] )
                 mbedtls_printf( "ecdsa_secp256r1_sha256 " );
                 mbedtls_printf( "ecdsa_secp384r1_sha384 " );
                 mbedtls_printf( "ecdsa_secp521r1_sha512 " );
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
                 mbedtls_printf( "rsa_pss_rsae_sha256 " );
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
                 mbedtls_printf( "\n" );
                 goto exit;
             }
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6318d4d086..241b1b6d0a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2610,20 +2610,6 @@ component_test_tls13_experimental_with_everest () {
     if_build_succeeded tests/ssl-opt.sh
 }
 
-component_test_tls13_experimental_with_rsa () {
-    msg "default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with rsa"
-    scripts/config.py   set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-    scripts/config.py   set MBEDTLS_SSL_CLI_C
-    scripts/config.py   set MBEDTLS_RSA_C
-    scripts/config.py   set MBEDTLS_X509_RSASSA_PSS_SUPPORT
-    cmake CC=gcc CMAKE_BUILD_TYPE=ASanDbg .
-    make
-    msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with rsa"
-    make test
-    msg "ssl-opt.sh (TLS 1.3 experimental)"
-    if_build_succeeded tests/ssl-opt.sh -f "TLS 1.3"
-}
-
 component_build_mingw () {
     msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
     make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a562f49f22..a1e469db9d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -78,7 +78,7 @@ else
 fi
 
 if [ -n "${OPENSSL_NEXT:-}" ]; then
-    O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
+    O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server7.crt -key data_files/server7.key"
     O_NEXT_SRV_RSA="$OPENSSL_NEXT s_server -www -cert data_files/server2-sha256.crt -key data_files/server2.key"
     O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
 else
@@ -8849,7 +8849,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS 1.3 m->O AES_128_GCM_SHA256      , RSA_PSS_RSAE_SHA256" \
             "$O_NEXT_SRV_RSA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3 -msg -no_middlebox -num_tickets 0" \
-            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
+            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
             0 \
             -c "ECDH curve: x25519" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
@@ -8899,16 +8899,9 @@ requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 requires_gnutls_next
 run_test    "TLS 1.3 m->G AES_128_GCM_SHA256      , RSA_PSS_RSAE_SHA256" \
             "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
-            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
+            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
             0 \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-            -s "Ephemeral EC Diffie-Hellman parameters" \
-            -s "Version: TLS1.3" \
-            -s "Cipher: AES-128-GCM" \
-            -S "Client Signature:" \
-            -s "Server Signature: RSA-PSS-RSAE-SHA256" \
             -c "ECDH curve: x25519"         \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -c "Certificate Verify: Signature algorithm ( 0804 )" \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
             -c "HTTP/1.0 200 OK"