diff --git a/library/ssl_client.c b/library/ssl_client.c index 90ec252d42..543c82162a 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -637,8 +637,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11) * MUST be the last extension in the ClientHello. */ @@ -650,7 +649,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, return( ret ); p += output_len; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* Write the length of the list of extensions. */ extensions_len = p - p_extensions_len - 2; @@ -957,8 +956,7 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if( binders_len > 0 ) { MBEDTLS_SSL_PROC_CHK( @@ -967,7 +965,7 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len, binders_len ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len, diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a58e2a1249..5a23676f34 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -619,7 +619,7 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_SSL_SRV_C) /** selected_group of key_share extension in HelloRetryRequest message. */ uint16_t hrr_selected_group; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -1786,7 +1786,8 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) ); } -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /** * Given a list of key exchange modes, check if at least one of them is * supported. @@ -1833,7 +1834,8 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) return( ! mbedtls_ssl_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) ); } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* * Helper functions to check the selected key exchange mode. @@ -2451,7 +2453,7 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( unsigned char *obuf, size_t buf_len, size_t *olen ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /** * \brief Given an SSL context and its associated configuration, write the TLS * 1.3 specific Pre-Shared key extension. @@ -2484,7 +2486,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1e7d9a33b2..7486f1f869 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3665,7 +3665,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( handshake->psk ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -4895,7 +4895,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) conf->psk_identity = NULL; conf->psk_identity_len = 0; } -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) ssl_key_cert_free( conf->key_cert ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c44399e3a7..acac23174f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -602,7 +602,7 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, return( 0 ); } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* * ssl_tls13_write_psk_key_exchange_modes_ext() structure: * @@ -1112,8 +1112,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, return( 0 ); } - -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -1151,7 +1150,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, p += ext_len; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* For PSK-based key exchange we need the pre_shared_key extension * and the psk_key_exchange_modes extension. * @@ -1165,7 +1164,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); p += ext_len; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif *out_len = p - buf; @@ -1681,7 +1680,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, goto cleanup; break; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); if( is_hrr ) @@ -1698,7 +1697,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, return( ret ); } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 2209dd145c..5954b62efb 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1067,7 +1067,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) } hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) ) { ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len ); @@ -1083,7 +1083,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len, handshake->tls13_master_secrets.early ); #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) mbedtls_free( (void*)psk ); #endif if( ret != 0 ) @@ -1614,7 +1614,7 @@ cleanup: return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len ) @@ -1655,7 +1655,7 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, return( 0 ); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index f3bdf373bf..966b5c5e4b 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -691,7 +691,7 @@ int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl ); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /** * \brief Export TLS 1.3 PSK from handshake context * @@ -707,7 +707,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len ); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e5cd416e52..2b33a00e12 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -59,7 +59,7 @@ static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite( return( ciphersuite_info ); } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* From RFC 8446: * * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; @@ -701,7 +701,7 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* From RFC 8446: * struct { @@ -993,7 +993,7 @@ static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( MBEDTLS_SSL_EXT_SIG_ALG ) ); } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( mbedtls_ssl_context *ssl ) @@ -1015,7 +1015,7 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) ); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) @@ -1027,7 +1027,7 @@ static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) && mbedtls_ssl_tls13_psk_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) ); @@ -1040,7 +1040,7 @@ static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) && mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) ); @@ -1289,11 +1289,11 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *extensions_end; int hrr_required = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) const unsigned char *cipher_suites; const unsigned char *pre_shared_key_ext = NULL; const unsigned char *pre_shared_key_ext_end = NULL; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; @@ -1400,7 +1400,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * with CipherSuite defined as: * uint8 CipherSuite[2]; */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) cipher_suites = p; #endif cipher_suites_end = p + cipher_suites_len; @@ -1581,7 +1581,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS; break; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found psk key exchange modes extension" ) ); @@ -1596,7 +1596,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); @@ -1608,14 +1608,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* Delay processing of the PSK identity once we have * found out which algorithms to use. We keep a pointer * to the buffer and the size for later processing. */ pre_shared_key_ext = p; pre_shared_key_ext_end = extension_data_end; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; break; @@ -1669,7 +1669,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, p - buf ); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* Update checksum with either * - The entire content of the CH message, if no PSK extension is present * - The content up to but excluding the PSK extension, if present. @@ -1698,7 +1698,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ { ssl->handshake->update_checksum( ssl, buf, p - buf ); } @@ -2154,7 +2154,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, p += output_len; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if( !is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) ) { ret = ssl_tls13_write_server_pre_shared_key_ext( ssl, p, end, &output_len ); @@ -2166,7 +2166,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, } p += output_len; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 42faac01ca..7072494579 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12981,6 +12981,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ @@ -12997,6 +12998,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ @@ -13015,6 +13017,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED # https://github.com/openssl/openssl/issues/10714 # Until now, OpenSSL client does not support reconnect. skip_next_test @@ -13033,6 +13036,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ @@ -13052,6 +13056,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -13105,6 +13110,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -13128,6 +13134,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \