Rebase and solve conflicts and issues
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4f1bac6..cf64e81 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -912,18 +912,6 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_only( conf ) )
{
- if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
return( 0 );
}
@@ -940,18 +928,6 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( conf ) )
{
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
return( 0 );
}
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 934737a..9f55fe7 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -107,8 +107,6 @@
ssl->major_ver = major_ver;
ssl->minor_ver = minor_ver;
- ssl->handshake->max_major_ver = ssl->major_ver;
- ssl->handshake->max_minor_ver = ssl->minor_ver;
return( 0 );
}
@@ -436,10 +434,6 @@
ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
&buf, &buflen ) );
- mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl,
- MBEDTLS_SSL_HS_CLIENT_HELLO,
- buflen );
-
MBEDTLS_SSL_PROC_CHK_NEG( ssl_client_hello_parse( ssl, buf, buf + buflen ) );
hrr_required = ret;
@@ -786,7 +780,8 @@
* - The entire content of the CH message, if no PSK extension is present
* - The content up to but excluding the PSK extension, if present.
*/
- ssl->handshake->update_checksum( ssl, buf, p - buf );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+ buf, p - buf );
/*
* Search for a matching ciphersuite
*/
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ec6cad8..a9948fd 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10223,7 +10223,7 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_openssl_tls1_3
run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
- "$P_SRV debug_level=4 force_version=tls13 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -tls1_3" \
1 \
-s "=> parse client hello" \
@@ -10237,7 +10237,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: Server side check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
- "$P_SRV debug_level=4 force_version=tls13 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI -d 4 localhost --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS" \
1 \
-s "=> parse client hello" \