Update test cases and fix the test failure

Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-19 06:36:17 +00:00 · 2022-04-19 06:36:17 +00:00 · 3f84d5d0cd
commit 3f84d5d0cd
parent b67384d05c
2 changed files with 17 additions and 2 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -253,6 +253,12 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,

            match_found = 1;
            MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+            ret = psa_crypto_init();
+            if( ret != PSA_SUCCESS )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "psa_crypto_init()", ret );
+                return( ret );
+            }
            ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p - 2, end - p + 2 );
            if( ret != 0 )
                return( ret );
@ -648,7 +654,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
     * - The entire content of the CH message, if no PSK extension is present
     * - The content up to but excluding the PSK extension, if present.
     */
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
                                        buf, p - buf );
    /*
     * Search for a matching ciphersuite
@ -793,6 +799,11 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )

            break;

+        case MBEDTLS_SSL_SERVER_HELLO:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSL - The requested feature is not available" ) );
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+            break;
        default:
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -10219,6 +10219,8 @@ run_test    "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - op
            "$O_NEXT_CLI -msg -tls1_3" \
            1 \
            -s " tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+            -s " tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+            -s " SSL - The requested feature is not available" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

@ -10231,9 +10233,11 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
-            "$G_NEXT_CLI -d 4 localhost --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS" \
+            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            1 \
            -s " tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+            -s " tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+            -s " SSL - The requested feature is not available" \
            -s "=> parse client hello" \
            -s "<= parse client hello"