mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 08:37:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix test failure issue and update code styles

Browse Source 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-04-20 09:43:51 +00:00
parent de33391fa0
commit 318dc763a6
4 changed files with 24 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_misc.h
View File

@ -582,12 +582,12 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
/*!< Number of Hello Retry Request messages received from the server. */ /** Number of Hello Retry Request messages received from the server. */
int hello_retry_request_count; int hello_retry_request_count;
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
/*!< selected_group of key_share extension in HelloRetryRequest message. */ /** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group; uint16_t hrr_selected_group;
#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SRV_C */

32
library/ssl_tls13_server.c
View File

@ -125,9 +125,7 @@ static int ssl_tls13_parse_supported_groups_ext(
named_group = MBEDTLS_GET_UINT16_BE( p, 0 ); named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2; p += 2;
MBEDTLS_SSL_DEBUG_MSG( MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
2, ( "got named group: %d",
named_group ) );
if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) || if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
! mbedtls_ssl_named_group_is_supported( named_group ) || ! mbedtls_ssl_named_group_is_supported( named_group ) ||
@ -233,13 +231,8 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
match_found = 1; match_found = 1;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
ret = psa_crypto_init(); ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
if( ret != PSA_SUCCESS ) ssl, p - 2, key_exchange_len + 2 );
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_crypto_init()", ret );
return( ret );
}
ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p - 2, key_exchange_len + 2 );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
} }
@ -385,8 +378,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf; const unsigned char *p = buf;
size_t legacy_session_id_len; size_t legacy_session_id_len;
size_t cipher_suites_len;
const unsigned char *cipher_suites_start; const unsigned char *cipher_suites_start;
size_t cipher_suites_len;
size_t extensions_len; size_t extensions_len;
const unsigned char *extensions_end; const unsigned char *extensions_end;
@ -494,13 +487,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
/* /*
* Search for a matching ciphersuite * Search for a matching ciphersuite
*/ */
size_t ciphersuite_exist = 0; int ciphersuite_match = 0;
uint16_t cipher_suite;
ciphersuite_info = NULL; ciphersuite_info = NULL;
for ( size_t j = 0; j < cipher_suites_len; for ( size_t j = 0; j < cipher_suites_len;
j += 2, p += 2 ) j += 2, p += 2 )
{ {
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
cipher_suite ); cipher_suite );
/* /*
@ -514,14 +506,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
ssl->session_negotiate->ciphersuite = cipher_suite; ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info; ssl->handshake->ciphersuite_info = ciphersuite_info;
ciphersuite_exist = 1; ciphersuite_match = 1;
break; break;
} }
if( !ciphersuite_exist ) if( !ciphersuite_match )
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); {
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
ciphersuite_info->name ) ); ciphersuite_info->name ) );
@ -562,7 +558,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
size_t extension_data_len; size_t extension_data_len;
const unsigned char *extension_data_end; const unsigned char *extension_data_end;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
p += 4; p += 4;

12
programs/ssl/ssl_server2.c
View File

@ -65,7 +65,7 @@ int main( void )
#include <windows.h> #include <windows.h>
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h" #include "test/psa_crypto_helpers.h"
#endif #endif
@ -1421,7 +1421,7 @@ int main( int argc, char *argv[] )
int i; int i;
char *p, *q; char *p, *q;
const int *list; const int *list;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t status; psa_status_t status;
#endif #endif
unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_keymaterial[16];
@ -1487,7 +1487,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_cookie_init( &cookie_ctx ); mbedtls_ssl_cookie_init( &cookie_ctx );
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init(); status = psa_crypto_init();
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ {
@ -4127,7 +4127,7 @@ exit:
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char* message = mbedtls_test_helper_is_psa_leaking(); const char* message = mbedtls_test_helper_is_psa_leaking();
if( message ) if( message )
{ {
@ -4139,8 +4139,8 @@ exit:
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */ * resources are freed by rng_free(). */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free( ); mbedtls_psa_crypto_free( );
#endif #endif

6
tests/ssl-opt.sh
View File

@ -10209,12 +10209,11 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_openssl_tls1_3 requires_openssl_tls1_3
run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ run_test "TLS 1.3: Server side check - openssl" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -tls1_3" \ "$O_NEXT_CLI -msg -tls1_3" \
1 \ 1 \
@ -10227,11 +10226,10 @@ run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - op
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ run_test "TLS 1.3: Server side check - gnutls" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
1 \ 1 \