From 745bb616a47d48378f4e4f2ce572f0f1678c4e96 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Oct 2021 22:01:04 +0800 Subject: [PATCH] Fix format issue and enhance test Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 51 +++++++++++++++++++++----------------- tests/ssl-opt.sh | 9 +++++-- 2 files changed, 35 insertions(+), 25 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 15bf43bb1c..2924fd8b68 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -926,6 +926,11 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl, return( SSL_SERVER_HELLO_COORDINATE_HELLO ); } +/* Fetch and preprocess + * Returns a negative value on failure, and otherwise + * - SSL_SERVER_HELLO_COORDINATE_HELLO or + * - SSL_SERVER_HELLO_COORDINATE_HRR + */ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buf_len ) @@ -950,12 +955,12 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl, ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len ); switch( ret ) { - case SSL_SERVER_HELLO_COORDINATE_HELLO: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); - break; - case SSL_SERVER_HELLO_COORDINATE_HRR: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); - break; + case SSL_SERVER_HELLO_COORDINATE_HELLO: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); + break; + case SSL_SERVER_HELLO_COORDINATE_HRR: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) ); + break; } cleanup: @@ -1248,26 +1253,26 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) switch( handshake->extensions_present & ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) { - /* Only the pre_shared_key extension was received */ - case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; - break; + /* Only the pre_shared_key extension was received */ + case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; + break; - /* Only the key_share extension was received */ - case MBEDTLS_SSL_EXT_KEY_SHARE: - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; - break; + /* Only the key_share extension was received */ + case MBEDTLS_SSL_EXT_KEY_SHARE: + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL; + break; - /* Both the pre_shared_key and key_share extensions were received */ - case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - break; + /* Both the pre_shared_key and key_share extensions were received */ + case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): + handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + break; - /* Neither pre_shared_key nor key_share extension was received */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto cleanup; + /* Neither pre_shared_key nor key_share extension was received */ + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto cleanup; } /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b91025fd2..ad7abbba07 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8678,7 +8678,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ - "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ -s "ServerHello" \ @@ -8695,6 +8695,8 @@ run_test "TLS1.3: Test client hello msg work - openssl" \ -c "tls1_3 client state: 14" \ -c "tls1_3 client state: 15" \ -c "<= ssl_tls1_3_process_server_hello" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" requires_gnutls_tls1_3 @@ -8702,7 +8704,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: Test client hello msg work - gnutls" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ - "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ -s "SERVER HELLO was queued" \ @@ -8719,8 +8721,11 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \ -c "tls1_3 client state: 14" \ -c "tls1_3 client state: 15" \ -c "<= ssl_tls1_3_process_server_hello" \ + -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ + -c "ECDH curve: x25519" \ -c "=> ssl_tls1_3_process_server_hello" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C