fix various issues
- improve output message - Remove unnecessary checks - Simplify test command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
2db16b7b16
commit
454dda3e25
2 changed files with 17 additions and 22 deletions
|
|
@ -1766,32 +1766,25 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
|
||||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
|
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
|
||||||
|
|
||||||
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
|
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
|
||||||
1, ("EarlyData: rejected. configured disabled."));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
|
||||||
3, ("EarlyData: conf->max_early_data_size = %u",
|
|
||||||
(unsigned int) ssl->conf->max_early_data_size));
|
|
||||||
|
|
||||||
if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
MBEDTLS_SSL_DEBUG_MSG(
|
||||||
1,
|
1,
|
||||||
("EarlyData: rejected. psk or psk_ephemeral is not available."));
|
("EarlyData: rejected, feature disabled in server configuration."));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (handshake && handshake->resume != 1) {
|
if (!handshake->resume) {
|
||||||
|
/* We currently support early data only in the case of PSKs established
|
||||||
|
via a NewSessionTicket message thus in the case of a session
|
||||||
|
resumption. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
MBEDTLS_SSL_DEBUG_MSG(
|
||||||
1, ("EarlyData: rejected. not resumption session."));
|
1, ("EarlyData: rejected, not resumption session."));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
|
if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
MBEDTLS_SSL_DEBUG_MSG(
|
||||||
1,
|
1,
|
||||||
("EarlyData: rejected. not a TLS 1.3 ticket."));
|
("EarlyData: rejected, not a TLS 1.3 ticket."));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -500,7 +500,7 @@ requires_gnutls_next
|
||||||
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
|
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
|
||||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
|
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
|
||||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
|
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
|
||||||
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
|
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||||
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
|
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
|
||||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||||
run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
|
run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
|
||||||
|
|
@ -513,17 +513,19 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
|
||||||
-s "Last error was: -29056 - SSL - Verification of the message MAC failed"
|
-s "Last error was: -29056 - SSL - Verification of the message MAC failed"
|
||||||
|
|
||||||
requires_gnutls_next
|
requires_gnutls_next
|
||||||
|
|
||||||
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
|
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
|
||||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
|
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
|
||||||
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
|
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
|
||||||
|
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||||
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
|
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
|
||||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||||
run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \
|
run_test "TLS 1.3 G->m: EarlyData: feature is enabled, fail." \
|
||||||
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN $(get_srv_psk_list)" \
|
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
|
||||||
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
|
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
|
||||||
-d 10 -r --earlydata $EARLY_DATA_INPUT \
|
-d 10 -r --earlydata $EARLY_DATA_INPUT " \
|
||||||
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
|
|
||||||
1 \
|
1 \
|
||||||
-s "ClientHello: early_data(42) extension exists." \
|
-s "ClientHello: early_data(42) extension exists." \
|
||||||
-s "EncryptedExtensions: early_data(42) extension exists." \
|
-s "EncryptedExtensions: early_data(42) extension exists." \
|
||||||
-s "NewSessionTicket: early_data(42) extension does not exist."
|
-s "NewSessionTicket: early_data(42) extension does not exist." \
|
||||||
|
-s "Last error was: -29056 - SSL - Verification of the message MAC failed"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue