mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 04:20:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

remove misbehavior tests and code

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-12-06 15:43:23 +08:00
parent 95648b0134
commit 750e06743f
2 changed files with 20 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
programs/ssl/ssl_server2.c
View File

@ -122,7 +122,7 @@ int main(void)
#define DFL_SNI NULL #define DFL_SNI NULL
#define DFL_ALPN_STRING NULL #define DFL_ALPN_STRING NULL
#define DFL_GROUPS NULL #define DFL_GROUPS NULL
#define DFL_MAX_EARLY_DATA_SIZE NULL #define DFL_MAX_EARLY_DATA_SIZE 0
#define DFL_SIG_ALGS NULL #define DFL_SIG_ALGS NULL
#define DFL_DHM_FILE NULL #define DFL_DHM_FILE NULL
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
@ -427,17 +427,11 @@ int main(void)
#define USAGE_ECJPAKE "" #define USAGE_ECJPAKE ""
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#define ARRAY_LENGTH(a) (sizeof(a)/sizeof(a[0]))
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
#define USAGE_EARLY_DATA \ #define USAGE_EARLY_DATA \
" max_early_data_size=%%d default: -1 (disabled)\n" \ " max_early_data_size=%%d default: -1 (disabled)\n" \
" The max amount of 0-RTT data for 1st and 2nd connection\n" \ " options: -1 (disabled), " \
" format: 1st_connection_value[,2nd_connection_value]\n" \ " >= 0 (enabled, max amount of early data )\n"
" available values: < 0 (disabled), >= 0 (enabled).\n" \
" The absolute value is the max amount of 0-RTT data \n" \
" up to UINT32_MAX. \n"
#else #else
#define USAGE_EARLY_DATA "" #define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
@ -700,7 +694,7 @@ struct options {
const char *cid_val_renego; /* the CID to use for incoming messages const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */ * after renegotiation */
int reproducible; /* make communication reproducible */ int reproducible; /* make communication reproducible */
const char *max_early_data_size; /* max amount list of early data */ uint32_t max_early_data_size; /* max amount of early data */
int query_config_mode; /* whether to read config */ int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */ int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */ int force_srtp_profile; /* SRTP protection profile to use or all */
@ -1616,9 +1610,7 @@ int main(int argc, char *argv[])
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
long long max_early_data_size_list[2]; int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED;
size_t max_early_data_size_count = 0;
size_t tls13_connection_counter = 0;
#endif #endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
@ -1988,23 +1980,12 @@ usage:
#endif #endif
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
else if (strcmp(p, "max_early_data_size") == 0) { else if (strcmp(p, "max_early_data_size") == 0) {
char *endptr, *str; long long value = atoll(q);
opt.max_early_data_size = q; tls13_early_data_enabled =
str = endptr = q; value >= 0 ? MBEDTLS_SSL_EARLY_DATA_ENABLED :
for (size_t early_data_size_iter = 0; MBEDTLS_SSL_EARLY_DATA_DISABLED;
early_data_size_iter < ARRAY_LENGTH(max_early_data_size_list); if (tls13_early_data_enabled) {
early_data_size_iter++) { opt.max_early_data_size = atoi(q);
long long value = strtoll(str, &endptr, 0);
if (str == endptr || (*endptr != ',' && *endptr != '\0')) {
mbedtls_printf("fail\n illegal digital number for max_early_data_size %s\n",
endptr);
goto exit;
}
max_early_data_size_list[max_early_data_size_count++] = value;
if (*endptr == '\0') {
break;
}
str = endptr + 1;
} }
} }
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
@ -2826,6 +2807,14 @@ usage:
mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list);
} }
#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled);
if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
mbedtls_ssl_conf_max_early_data_size(
&conf, opt.max_early_data_size);
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
/* exercise setting DN hints for server certificate request /* exercise setting DN hints for server certificate request
* (Intended for use where the client cert expected has been signed by * (Intended for use where the client cert expected has been signed by
@ -3323,17 +3312,6 @@ usage:
mbedtls_printf(" ok\n"); mbedtls_printf(" ok\n");
reset: reset:
#if defined(MBEDTLS_SSL_EARLY_DATA)
if (tls13_connection_counter < max_early_data_size_count) {
long long max_early_data_size = max_early_data_size_list[tls13_connection_counter];
mbedtls_ssl_conf_early_data(
&conf, max_early_data_size < 0 ? MBEDTLS_SSL_EARLY_DATA_DISABLED :
MBEDTLS_SSL_EARLY_DATA_ENABLED);
mbedtls_ssl_conf_max_early_data_size(&conf, (uint32_t) llabs(max_early_data_size));
}
tls13_connection_counter++;
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if !defined(_WIN32) #if !defined(_WIN32)
if (received_sigterm) { if (received_sigterm) {
mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n");

16
tests/opt-testcases/tls13-misc.sh
View File

@ -490,22 +490,6 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
1 \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension does not exist." \
-s "Last error was: -29056 - SSL - Verification of the message MAC failed"
requires_gnutls_next requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \