Inprove code base on review comments

Change debug messag for server finished. Change name of generate_application_keys. Remove the client vertificate tests from ssl-opt.sh. Add test strings for server finished in ssl-opt.sh. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 06:17:40 +00:00 · 2021-11-10 06:17:40 +00:00 · d0aa3e9307
commit d0aa3e9307
parent 57b2aff8a8
4 changed files with 12 additions and 13 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -920,12 +920,12 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s
        goto cleanup;
    }

-    ret = mbedtls_ssl_tls1_3_generate_application_keys(
+    ret = mbedtls_ssl_tls13_generate_application_keys(
        ssl, &traffic_keys );
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1,
-            "mbedtls_ssl_tls1_3_generate_application_keys", ret );
+            "mbedtls_ssl_tls13_generate_application_keys", ret );
        goto cleanup;
    }

@ -981,7 +981,7 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )
    unsigned char *buf;
    size_t buflen;

-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) );

    /* Preprocessing step: Compute handshake digest */
    MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) );
@ -996,7 +996,7 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )

 cleanup:

-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished message" ) );
    return( ret );
 }

--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -1111,7 +1111,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
 /* Generate application traffic keys since any records following a 1-RTT Finished message
 * MUST be encrypted under the application traffic key.
 */
-int mbedtls_ssl_tls1_3_generate_application_keys(
+int mbedtls_ssl_tls13_generate_application_keys(
                                        mbedtls_ssl_context *ssl,
                                        mbedtls_ssl_key_set *traffic_keys )
 {
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@ -577,7 +577,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
 *        with states Initial -> Early -> Handshake -> Application, and
 *        this function represents the Handshake -> Application transition.
 *
- *        In the handshake stage, mbedtls_ssl_tls1_3_generate_application_keys()
+ *        In the handshake stage, mbedtls_ssl_tls13_generate_application_keys()
 *        can be used to derive the handshake traffic keys.
 *
 * \param ssl  The SSL context to operate on. This must be in key schedule
@ -601,7 +601,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application(
 * \returns    \c 0 on success.
 * \returns    A negative error code on failure.
 */
-int mbedtls_ssl_tls1_3_generate_application_keys(
+int mbedtls_ssl_tls13_generate_application_keys(
    mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys );

 /**
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -8820,9 +8820,7 @@ run_test    "TLS1.3: Test client hello msg work - openssl" \
            -c "tls1_3 client state: 19"    \
            -c "tls1_3 client state: 5"     \
            -c "tls1_3 client state: 3"     \
-            -c "tls1_3 client state: 9"     \
            -c "tls1_3 client state: 13"    \
-            -c "tls1_3 client state: 7"     \
            -c "tls1_3 client state: 20"    \
            -c "tls1_3 client state: 11"    \
            -c "tls1_3 client state: 14"    \
@ -8835,7 +8833,8 @@ run_test    "TLS1.3: Test client hello msg work - openssl" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify"          \
            -c "<= parse certificate verify"          \
-            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0"
+            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+            -c "<= parse finished message"

 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@ -8853,9 +8852,7 @@ run_test    "TLS1.3: Test client hello msg work - gnutls" \
            -c "tls1_3 client state: 19"    \
            -c "tls1_3 client state: 5"     \
            -c "tls1_3 client state: 3"     \
-            -c "tls1_3 client state: 9"     \
            -c "tls1_3 client state: 13"    \
-            -c "tls1_3 client state: 7"     \
            -c "tls1_3 client state: 20"    \
            -c "tls1_3 client state: 11"    \
            -c "tls1_3 client state: 14"    \
@ -8868,7 +8865,9 @@ run_test    "TLS1.3: Test client hello msg work - gnutls" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify"          \
            -c "<= parse certificate verify"          \
-            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0"
+            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+            -c "<= parse finished message"
+

 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_MEMORY_DEBUG