AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix test failure issue and update code styles

Browse Source 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-04-20 09:43:51 +00:00
parent de33391fa0
commit 318dc763a6
4 changed files with 24 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_misc.h
View File

@ -582,12 +582,12 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_CLI_C)
/*!< Number of Hello Retry Request messages received from the server. */
/** Number of Hello Retry Request messages received from the server. */
int hello_retry_request_count;
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
/*!< selected_group of key_share extension in HelloRetryRequest message. */
/** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group;
#endif /* MBEDTLS_SSL_SRV_C */

32
library/ssl_tls13_server.c
View File

@ -125,9 +125,7 @@ static int ssl_tls13_parse_supported_groups_ext(
named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG(
2, ( "got named group: %d",
named_group ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
! mbedtls_ssl_named_group_is_supported( named_group ) ||
@ -233,13 +231,8 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
match_found = 1;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
ret = psa_crypto_init();
if( ret != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_crypto_init()", ret );
return( ret );
}
ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p - 2, key_exchange_len + 2 );
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
ssl, p - 2, key_exchange_len + 2 );
if( ret != 0 )
return( ret );
}
@ -385,8 +378,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
size_t legacy_session_id_len;
size_t cipher_suites_len;
const unsigned char *cipher_suites_start;
size_t cipher_suites_len;
size_t extensions_len;
const unsigned char *extensions_end;
@ -494,13 +487,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
/*
* Search for a matching ciphersuite
*/
size_t ciphersuite_exist = 0;
uint16_t cipher_suite;
int ciphersuite_match = 0;
ciphersuite_info = NULL;
for ( size_t j = 0; j < cipher_suites_len;
j += 2, p += 2 )
{
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
cipher_suite );
/*
@ -514,14 +506,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info;
ciphersuite_exist = 1;
ciphersuite_match = 1;
break;
}
if( !ciphersuite_exist )
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
if( !ciphersuite_match )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
ciphersuite_info->name ) );
@ -562,7 +558,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
size_t extension_data_len;
const unsigned char *extension_data_end;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
p += 4;

12
programs/ssl/ssl_server2.c
View File

@ -65,7 +65,7 @@ int main( void )
#include <windows.h>
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
#endif
@ -1421,7 +1421,7 @@ int main( int argc, char *argv[] )
int i;
char *p, *q;
const int *list;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t status;
#endif
unsigned char eap_tls_keymaterial[16];
@ -1487,7 +1487,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_cookie_init( &cookie_ctx );
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if( status != PSA_SUCCESS )
{
@ -4127,7 +4127,7 @@ exit:
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char* message = mbedtls_test_helper_is_psa_leaking();
if( message )
{
@ -4139,8 +4139,8 @@ exit:
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
#if ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) \
&& !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free( );
#endif

6
tests/ssl-opt.sh
View File

@ -10209,12 +10209,11 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_openssl_tls1_3
run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
run_test "TLS 1.3: Server side check - openssl" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -tls1_3" \
1 \
@ -10227,11 +10226,10 @@ run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - op
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
run_test "TLS 1.3: Server side check - gnutls" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
1 \