fix various issues

- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2023-11-07 14:30:38 +08:00
parent 2bea94ce2e
commit 7ef9fd8989
2 changed files with 10 additions and 9 deletions

View file

@ -160,7 +160,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
mbedtls_free(ticket_buffer);
if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid."));
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
/* TODO: Define new return value for this case. */
ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
}
@ -1781,7 +1782,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
via a NewSessionTicket message thus in the case of a session
resumption. */
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected, not resumption session."));
1, ("EarlyData: rejected, not a session resumption."));
return;
}
@ -1796,26 +1797,27 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
* - The selected ALPN [RFC7301] protocol, if any
*
* NOTE:
* - ALPN hasn't been checked.
* - TLS version is checked in
* ssl_tls13_offered_psks_check_identity_match_ticket()
* - The TLS version number is checked in
* ssl_tls13_offered_psks_check_identity_match_ticket().
* - ALPN is not checked for the time being (TODO).
*/
if (handshake->selected_identity != 0) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected, first psk key is not offered."));
1, ("EarlyData: rejected, the selected key in "
"`pre_shared_key` is not the first one."));
return;
}
if (handshake->ciphersuite_info->id !=
ssl->session_negotiate->ciphersuite) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected, selected ciphersuite mismatch."));
1, ("EarlyData: rejected, the selected ciphersuite is not the one "
"of the selected pre-shared key."));
return;
}
/* TODO: Add more checks here. */
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;

View file

@ -513,7 +513,6 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
-s "Last error was: -29056 - SSL - Verification of the message MAC failed"
requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \