commit 3f84d5d0cd8c58ca92f448a664fc6a25c9a98697
author XiaokangQian <xiaokang.qian@arm.com> Tue Apr 19 06:36:17 2022 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Wed Apr 20 07:45:50 2022 +0000
tree 2e29e0d9772ffffb77a4f85816a6cc2b9d410c53
parent b67384d05ca601cf27bdf4d222b055603da955e5

Update test cases and fix the test failure

Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2122a6e..9e0ea79 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -253,6 +253,12 @@
 
             match_found = 1;
             MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+            ret = psa_crypto_init();
+            if( ret != PSA_SUCCESS )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "psa_crypto_init()", ret );
+                return( ret );
+            }
             ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p - 2, end - p + 2 );
             if( ret != 0 )
                 return( ret );
@@ -648,7 +654,7 @@
      * - The entire content of the CH message, if no PSK extension is present
      * - The content up to but excluding the PSK extension, if present.
      */
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
                                         buf, p - buf );
     /*
      * Search for a matching ciphersuite
@@ -793,6 +799,11 @@
 
             break;
 
+        case MBEDTLS_SSL_SERVER_HELLO:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSL - The requested feature is not available" ) );
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+            break;
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dac868f..d870076 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10219,6 +10219,8 @@
             "$O_NEXT_CLI -msg -tls1_3" \
             1 \
             -s " tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+            -s " tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+            -s " SSL - The requested feature is not available" \
             -s "=> parse client hello" \
             -s "<= parse client hello"
 
@@ -10231,9 +10233,11 @@
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
             "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
-            "$G_NEXT_CLI -d 4 localhost --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS" \
+            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
             1 \
             -s " tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+            -s " tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+            -s " SSL - The requested feature is not available" \
             -s "=> parse client hello" \
             -s "<= parse client hello"