From c4b8c99a38e2201598c839483c307ba5073fe1e8 Mon Sep 17 00:00:00 2001 From: XiaokangQian Date: Thu, 7 Apr 2022 11:31:38 +0000 Subject: [PATCH] Rebase and solve conflicts and issues Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a Signed-off-by: XiaokangQian --- library/ssl_tls.c | 24 ------------------------ library/ssl_tls13_server.c | 9 ++------- tests/ssl-opt.sh | 4 ++-- 3 files changed, 4 insertions(+), 33 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4f1bac67d..cf64e8169 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -912,18 +912,6 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( mbedtls_ssl_conf_is_tls13_only( conf ) ) { - if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - - if( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) ); return( 0 ); } @@ -940,18 +928,6 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( conf ) ) { - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - - if( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) ); return( 0 ); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 934737a85..9f55fe76e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -107,8 +107,6 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, ssl->major_ver = major_ver; ssl->minor_ver = minor_ver; - ssl->handshake->max_major_ver = ssl->major_ver; - ssl->handshake->max_minor_ver = ssl->minor_ver; return( 0 ); } @@ -436,10 +434,6 @@ static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buflen ) ); - mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, - buflen ); - MBEDTLS_SSL_PROC_CHK_NEG( ssl_client_hello_parse( ssl, buf, buf + buflen ) ); hrr_required = ret; @@ -786,7 +780,8 @@ static int ssl_client_hello_parse( mbedtls_ssl_context *ssl, * - The entire content of the CH message, if no PSK extension is present * - The content up to but excluding the PSK extension, if present. */ - ssl->handshake->update_checksum( ssl, buf, p - buf ); + mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO, + buf, p - buf ); /* * Search for a matching ciphersuite */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ec6cad8c9..a9948fde8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10223,7 +10223,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_openssl_tls1_3 run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ - "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -tls1_3" \ 1 \ -s "=> parse client hello" \ @@ -10237,7 +10237,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ - "$P_SRV debug_level=4 force_version=tls13 tickets=0" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI -d 4 localhost --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS" \ 1 \ -s "=> parse client hello" \