ssl_client2: Simplify early_data option

No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2024-01-25 09:39:59 +01:00
parent b62732e1d6
commit 54a3829453
2 changed files with 16 additions and 28 deletions


@ -52,7 +52,7 @@ int main(void)
#define DFL_KEY_OPAQUE 0 #define DFL_KEY_OPAQUE 0
#define DFL_KEY_PWD "" #define DFL_KEY_PWD ""
#define DFL_PSK "" #define DFL_PSK ""
#define DFL_EARLY_DATA "" #define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED
#define DFL_PSK_OPAQUE 0 #define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity" #define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL #define DFL_ECJPAKE_PW NULL
@ -347,9 +347,8 @@ int main(void)
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
#define USAGE_EARLY_DATA \ #define USAGE_EARLY_DATA \
" early_data=%%s The file path to read early data from\n" \ " early_data=%%d default: 0 (disabled)\n" \
" default: \"\" (do nothing)\n" \ " options: 0 (disabled), 1 (enabled)\n"
" option: a file path\n"
#else #else
#define USAGE_EARLY_DATA "" #define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
@ -544,7 +543,7 @@ struct options {
int reproducible; /* make communication reproducible */ int reproducible; /* make communication reproducible */
int skip_close_notify; /* skip sending the close_notify alert */ int skip_close_notify; /* skip sending the close_notify alert */
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
const char *early_data; /* the path of the file to read early data from */ int early_data; /* early data enablement flag */
#endif #endif
int query_config_mode; /* whether to read config */ int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */ int use_srtp; /* Support SRTP */
@ -742,10 +741,6 @@ int main(int argc, char *argv[])
size_t cid_renego_len = 0; size_t cid_renego_len = 0;
#endif #endif
#if defined(MBEDTLS_SSL_EARLY_DATA)
FILE *early_data_fp = NULL;
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE]; const char *alpn_list[ALPN_LIST_SIZE];
#endif #endif
@ -1201,7 +1196,15 @@ usage:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
else if (strcmp(p, "early_data") == 0) { else if (strcmp(p, "early_data") == 0) {
opt.early_data = q; switch (atoi(q)) {
case 0:
opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
break;
case 1:
opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
break;
default: goto usage;
}
} }
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
@ -1968,16 +1971,7 @@ usage:
} }
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; mbedtls_ssl_conf_early_data(&conf, opt.early_data);
if (strlen(opt.early_data) > 0) {
if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) {
mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n",
opt.early_data);
goto exit;
}
early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED;
}
mbedtls_ssl_conf_early_data(&conf, early_data_enabled);
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
@ -3035,12 +3029,6 @@ exit:
mbedtls_ssl_config_free(&conf); mbedtls_ssl_config_free(&conf);
mbedtls_ssl_session_free(&saved_session); mbedtls_ssl_session_free(&saved_session);
#if defined(MBEDTLS_SSL_EARLY_DATA)
if (early_data_fp != NULL) {
fclose(early_data_fp);
}
#endif
if (session_data != NULL) { if (session_data != NULL) {
mbedtls_platform_zeroize(session_data, session_data_len); mbedtls_platform_zeroize(session_data, session_data_len);
} }
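Review bot: In the `early_data` option branch (hunk at -1201), `switch (atoi(q))` cannot tell a real `0` from a value that is not a number, because `atoi` returns 0 for input such as an empty string or `abc`. Since this commit turns the option from a file path into a flag, a caller that still passes a path is silently treated as `early_data=0` rather than reaching `goto usage`, so a test could run with early data off without anyone noticing. Comparing the string itself closes the gap: `if (strcmp(q, "1") == 0) opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;` `else if (strcmp(q, "0") == 0) opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;` `else goto usage;`. The new `USAGE_EARLY_DATA` text could also state that `1` sends the normal request as TLS 1.3 0-RTT data, which has no replay protection at the TLS layer. The enclosing `main()` starts and ends outside these hunks.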


@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \
--earlydata --maxearlydata 16384 --disable-client-cert" \ --earlydata --maxearlydata 16384 --disable-client-cert" \
"$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \
0 \ 0 \
-c "received max_early_data_size: 16384" \ -c "received max_early_data_size: 16384" \
-c "Reconnecting with saved session" \ -c "Reconnecting with saved session" \
@ -287,7 +287,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
"$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \
0 \ 0 \
-c "Reconnecting with saved session" \ -c "Reconnecting with saved session" \
-C "NewSessionTicket: early_data(42) extension received." \ -C "NewSessionTicket: early_data(42) extension received." \