Fix format issue and enhance test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 15bf43b..2924fd8 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -926,6 +926,11 @@
return( SSL_SERVER_HELLO_COORDINATE_HELLO );
}
+/* Fetch and preprocess
+ * Returns a negative value on failure, and otherwise
+ * - SSL_SERVER_HELLO_COORDINATE_HELLO or
+ * - SSL_SERVER_HELLO_COORDINATE_HRR
+ */
static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
unsigned char **buf,
size_t *buf_len )
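Review bot: The added comment's first line, "Fetch and preprocess", has no object, so a reader cannot tell what is fetched or what `*buf` and `*buf_len` hold when the function returns. Judging by the later call `ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len )`, which appears to belong to this function, the first line could read `/* Fetch the incoming handshake message and classify it as ServerHello or HelloRetryRequest.`. A further sentence should say that `*buf` and `*buf_len` describe the fetched message on success and must not be used after a negative return. The function body lies outside this hunk, so the out-parameter contract should be confirmed against it before the wording is fixed.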
@@ -950,12 +955,12 @@
ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len );
switch( ret )
{
- case SSL_SERVER_HELLO_COORDINATE_HELLO:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
- break;
- case SSL_SERVER_HELLO_COORDINATE_HRR:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
- break;
+ case SSL_SERVER_HELLO_COORDINATE_HELLO:
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
+ break;
+ case SSL_SERVER_HELLO_COORDINATE_HRR:
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
+ break;
}
cleanup:
@@ -1248,26 +1253,26 @@
switch( handshake->extensions_present &
( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) )
{
- /* Only the pre_shared_key extension was received */
- case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
- handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
- break;
+ /* Only the pre_shared_key extension was received */
+ case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
+ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
+ break;
- /* Only the key_share extension was received */
- case MBEDTLS_SSL_EXT_KEY_SHARE:
- handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
- break;
+ /* Only the key_share extension was received */
+ case MBEDTLS_SSL_EXT_KEY_SHARE:
+ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
+ break;
- /* Both the pre_shared_key and key_share extensions were received */
- case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
- handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
- break;
+ /* Both the pre_shared_key and key_share extensions were received */
+ case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
+ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ break;
- /* Neither pre_shared_key nor key_share extension was received */
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
- ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- goto cleanup;
+ /* Neither pre_shared_key nor key_share extension was received */
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
+ ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ goto cleanup;
}
/* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2b91025..ad7abbb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8678,7 +8678,7 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS1.3: Test client hello msg work - openssl" \
"$O_NEXT_SRV -tls1_3 -msg" \
- "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
+ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
-s "ServerHello" \
@@ -8695,6 +8695,8 @@
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15" \
-c "<= ssl_tls1_3_process_server_hello" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "ECDH curve: x25519" \
-c "=> ssl_tls1_3_process_server_hello"
requires_gnutls_tls1_3
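Review bot: The two added `-c` patterns pin the negotiated ciphersuite (`1301`) and group (`x25519`), but neither command line of this `run_test` call (which starts above the hunk) restricts what may be negotiated, so the assertion rests on the default preference order of both peers. A change of defaults in the OpenSSL build or in the client would then fail this test for reasons unrelated to ServerHello parsing. Consider pinning the choice on the client, e.g. appending `force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519` to the `$P_CLI` arguments, provided those options are honoured on the TLS 1.3 path at this revision. The same applies to the GnuTLS variant in the last hunk. A one-line comment above each test saying that the new patterns presumably need `debug_level=3` would also explain the bump from 2.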
@@ -8702,7 +8704,7 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS1.3: Test client hello msg work - gnutls" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \
- "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
+ "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
-s "SERVER HELLO was queued" \
@@ -8719,8 +8721,11 @@
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15" \
-c "<= ssl_tls1_3_process_server_hello" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "ECDH curve: x25519" \
-c "=> ssl_tls1_3_process_server_hello"
+
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C