diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f079e687d9..025732e03d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -582,12 +582,12 @@ struct mbedtls_ssl_handshake_params
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    /*!<  Number of Hello Retry Request messages received from the server.  */
+    /** Number of Hello Retry Request messages received from the server.  */
     int hello_retry_request_count;
 #endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_SRV_C)
-    /*!< selected_group of key_share extension in HelloRetryRequest message. */
+    /** selected_group of key_share extension in HelloRetryRequest message. */
     uint16_t hrr_selected_group;
 #endif /* MBEDTLS_SSL_SRV_C */
 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2e0dd39c9c..447bc0e3dc 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -125,9 +125,7 @@ static int ssl_tls13_parse_supported_groups_ext(
         named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
         p += 2;
 
-        MBEDTLS_SSL_DEBUG_MSG(
-                2, ( "got named group: %d",
-                     named_group ) );
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
 
         if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
             ! mbedtls_ssl_named_group_is_supported( named_group ) ||
@@ -233,13 +231,8 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
 
             match_found = 1;
             MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-            ret = psa_crypto_init();
-            if( ret != PSA_SUCCESS )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "psa_crypto_init()", ret );
-                return( ret );
-            }
-            ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p - 2, key_exchange_len + 2 );
+            ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
+                    ssl, p - 2, key_exchange_len + 2 );
             if( ret != 0 )
                 return( ret );
         }
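Review bot: With the in-library `psa_crypto_init()` call removed, the `mbedtls_ssl_tls13_read_public_ecdhe_share()` call in ssl_tls13_parse_key_shares_ext now depends on the application having initialised PSA before the handshake, and nothing at this call site says so. ssl_server2.c is updated in this commit, but other TLS 1.3 servers built without MBEDTLS_USE_PSA_CRYPTO would presumably only find out through a PSA error at handshake time. I would add a comment above the call, such as `/* Requires psa_crypto_init() to have been called by the application. */`, and state the same requirement in the TLS 1.3 configuration documentation. The function body starts and ends outside this hunk.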
@@ -385,8 +378,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
     size_t legacy_session_id_len;
-    size_t cipher_suites_len;
     const unsigned char *cipher_suites_start;
+    size_t cipher_suites_len;
     size_t extensions_len;
     const unsigned char *extensions_end;
 
@@ -494,13 +487,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
     /*
      * Search for a matching ciphersuite
      */
-    size_t ciphersuite_exist = 0;
-    uint16_t cipher_suite; 
+    int ciphersuite_match = 0;
     ciphersuite_info = NULL;
     for ( size_t j = 0; j < cipher_suites_len;
           j += 2, p += 2 )
     {
-        cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+        uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
         ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
                                cipher_suite );
         /*
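Review bot: The ciphersuite search loop steps `j` and `p` by two and reads a full 16-bit value each iteration, so an odd `cipher_suites_len` would make the last iteration read one byte past the cipher_suites vector. The length parsing is outside this hunk, so this may already be rejected earlier. If it is not, a guard before the loop would close it, for example `if( cipher_suites_len & 1 )` pending `MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR` and returning `MBEDTLS_ERR_SSL_DECODE_ERROR`. The loop body continues past the end of this hunk.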
@@ -514,14 +506,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
 
         ssl->session_negotiate->ciphersuite = cipher_suite;
         ssl->handshake->ciphersuite_info = ciphersuite_info;
-        ciphersuite_exist = 1;
+        ciphersuite_match = 1;
 
         break;
 
     }
 
-    if( !ciphersuite_exist )
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if( !ciphersuite_match )
+    {
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    }
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
                                 ciphersuite_info->name ) );
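Review bot: The new `!ciphersuite_match` branch pends `illegal_parameter`, but RFC 8446 section 4.1.1 says a server that finds no overlap with the client's offered parameters must abort with `handshake_failure` or `insufficient_security`. `illegal_parameter` tells the peer its ClientHello was malformed, which is misleading for interop debugging and for anyone triaging alerts in logs. I would keep the previous return code and add the alert: `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );` followed by `return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );`. As a style point, `return (` has a space that the rest of the file's `return(` does not.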
@@ -562,7 +558,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
         size_t extension_data_len;
         const unsigned char *extension_data_end;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
         extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
         extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
         p += 4;
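Review bot: Bounding the 4-byte extension header read by `extensions_end` instead of `end` is a parsing-boundary fix, but this commit adds no test for it; the visible tests/ssl-opt.sh changes only rename cases and drop a config requirement. A unit test that feeds ssl_tls13_parse_client_hello a ClientHello whose declared extensions length ends before the record does would pin the behaviour. The check on `extension_data_len` after `p += 4` is outside this hunk, so confirm it is also bounded by `extensions_end`.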
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 948d2e016e..b5b0248aa5 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -65,7 +65,7 @@ int main( void )
 #include <windows.h>
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #include "test/psa_crypto_helpers.h"
 #endif
 
@@ -1421,7 +1421,7 @@ int main( int argc, char *argv[] )
     int i;
     char *p, *q;
     const int *list;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
     psa_status_t status;
 #endif
     unsigned char eap_tls_keymaterial[16];
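Review bot: The widened guard `defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)` is now written out five times in this file: at the include, this `status` declaration, the `psa_crypto_init()` call, the leak check and `mbedtls_psa_crypto_free()`. If one copy drifts, the build ends up with an undeclared `status` or with PSA initialised but never freed. A single file-local macro defined next to the include would keep them in step. The name here is only a suggestion: `#define SSL_SERVER2_USES_PSA ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )`, though a plain `#if ... #define ... #endif` pair is more portable than `defined` inside a macro expansion.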
@@ -1487,7 +1487,7 @@ int main( int argc, char *argv[] )
     mbedtls_ssl_cookie_init( &cookie_ctx );
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
     status = psa_crypto_init();
     if( status != PSA_SUCCESS )
     {
@@ -4127,7 +4127,7 @@ exit:
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
           MBEDTLS_USE_PSA_CRYPTO */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
     const char* message = mbedtls_test_helper_is_psa_leaking();
     if( message )
     {
@@ -4139,8 +4139,8 @@ exit:
 
     /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
      * resources are freed by rng_free(). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) \
+    && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
     mbedtls_psa_crypto_free( );
 #endif
 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d870076884..b0f5f4bead 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10209,12 +10209,11 @@ run_test    "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38
             -c "HTTP/1.0 200 OK"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 requires_openssl_tls1_3
-run_test    "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
+run_test    "TLS 1.3: Server side check - openssl" \
             "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
             "$O_NEXT_CLI -msg -tls1_3" \
             1 \
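Review bot: Dropping `requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE` lets the openssl case run on servers built without compatibility mode, yet the client command `$O_NEXT_CLI -msg -tls1_3` leaves OpenSSL's middlebox compatibility enabled, which I believe is its default. The test expects exit status 1 either way, so on such a build it could pass because of a different failure than the one its log patterns target. Those patterns are outside this hunk. Adding `-no_middlebox` to the client command would mirror the `%DISABLE_TLS13_COMPAT_MODE` already used in the gnutls case.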
@@ -10227,11 +10226,10 @@ run_test    "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - op
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test    "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
+run_test    "TLS 1.3: Server side check - gnutls" \
             "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
             "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
             1 \