mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-31 10:20:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix various issues

Browse Source 
- fix wrong typo
- remove redundant check
- remove psk mode tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-10-18 15:50:35 +08:00
parent bd4dd81606
commit b47b2990d6
2 changed files with 8 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
library/ssl_tls13_server.c
View File

@ -1757,29 +1757,14 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
if ((handshake->received_extensions & if ((handshake->received_extensions &
MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) { MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
MBEDTLS_SSL_DEBUG_MSG( MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: early data extension is not received.")); 1, ("EarlyData: no early data extension received."));
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED; ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
return; return;
} }
/* We do not accept early data for the time being */
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected. configured disabled."));
return;
}
MBEDTLS_SSL_DEBUG_MSG(
3, ("EarlyData: conf->max_early_data_size = %u",
(unsigned int) ssl->conf->max_early_data_size));
/* TODO: Add more checks here. */
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: For time being, it should not happen."));
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
} }
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
@ -1812,7 +1797,6 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
/* There is enough information, update early data state. */ /* There is enough information, update early data state. */
ssl_tls13_update_early_data_status(ssl); ssl_tls13_update_early_data_status(ssl);
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
return 0; return 0;

29
tests/opt-testcases/tls13-misc.sh
View File

@ -497,31 +497,14 @@ requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: EarlyData: ephemeral: feature is disabled, fail." \ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1 $(get_srv_psk_list)" \ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1 $(get_srv_psk_list)" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL -d 10 -r --earlydata $EARLY_DATA_INPUT" \
1 \ 1 \
-c "Resume Handshake was completed" \ -s "ClientHello: early_data(42) extension exists." \
-s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension does not exists." \
-S "EncryptedExtensions: early_data(42) extension exists." \ -s "NewSessionTicket: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension does not exist." -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: EarlyData: psk*: feature is disabled, fail." \
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=-1 $(get_srv_psk_list)" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
-d 10 -r --earlydata $EARLY_DATA_INPUT \
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
1 \
-c "Resume Handshake was completed" \
-s "ClientHello: early_data(42) extension exists." \
-S "EncryptedExtensions: early_data(42) extension exists." \
-s "NewSessionTicket: early_data(42) extension does not exist."