tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d5aed2e..0e1d0ea 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -882,13 +882,6 @@
const mbedtls_ssl_config *conf = ssl->conf;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_tls13_enabled( conf ) &&
- ( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
if( mbedtls_ssl_conf_is_tls13_only( conf ) )
{
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
@@ -896,6 +889,13 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
+
+ if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
return( 0 );
}
@@ -917,6 +917,13 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
+
+ if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
return( 0 );
}
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index e330016..f1b8fee 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3212,5 +3212,123 @@
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group:
+Version config: valid client TLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:0
+
+Version config: valid client DTLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:0
+
+Version config: valid server TLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:0
+
+Version config: valid server DTLS 1.2 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:0
+
+Version config: invalid client TLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid client DTLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server TLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server DTLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: valid client TLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:0
+
+Version config: unsupported client DTLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: unsupported server TLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: unsupported server DTLS 1.3 only
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: invalid client TLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid client DTLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server TLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid server DTLS 1.3 only
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: valid client hybrid TLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:0
+
+Version config: unsupported client hybrid DTLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: unsupported server hybrid TLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: unsupported server hybrid DTLS 1.2/3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+Version config: valid client hybrid TLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.2
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: valid client hybrid TLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.3
+depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid minimum version
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:2:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
+
+Version config: invalid maximum version
+conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:5:MBEDTLS_ERR_SSL_BAD_CONFIG
+
Test accessor into timing_delay_context
timing_final_delay_accessor
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 54ee23f..fc8b27f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5369,6 +5369,30 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void conf_version( int endpoint, int transport,
+ int min_version_major, int min_version_minor,
+ int max_version_major, int max_version_minor,
+ int expected_ssl_setup_result )
+{
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_context ssl;
+
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ssl_init( &ssl );
+
+ mbedtls_ssl_conf_endpoint( &conf, endpoint );
+ mbedtls_ssl_conf_transport( &conf, transport );
+ mbedtls_ssl_conf_min_version( &conf, min_version_major, min_version_minor );
+ mbedtls_ssl_conf_max_version( &conf, max_version_major, max_version_minor );
+
+ TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
void conf_curve()
{