From 023ff7acb105df63055f83903e275494876b1b44 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Apr 2022 17:00:19 +0800 Subject: [PATCH 01/20] Move dependes_on of move handshakes state Prepare share move_handshake_state function with TLSv1.3 Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 72 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 2 +- 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 274f0de01..2b45a827b 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -105,147 +105,147 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER Test moving clients handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving clients handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving servers handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0 Negative test moving servers ssl to state: NEW_SESSION_TICKET -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 Handshake, tls1_2 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2685e6ada..cc34df62a 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4867,7 +4867,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; From d8c57feaf9c57c60b35e26077179bd0f047a20d6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Apr 2022 15:15:34 +0800 Subject: [PATCH 02/20] Add moving state test for TLS1.3 Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 120 +++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 18 ++++ 2 files changed, 138 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 2b45a827b..121e09335 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -248,6 +248,126 @@ Negative test moving servers ssl to state: NEW_SESSION_TICKET depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 +TLSv1.3:Test moving clients handshake to state: HELLO_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 + +TLSv1.3:Test moving servers handshake to state: HELLO_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 + +TLSv1.3:Test moving clients handshake to state: CLIENT_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 + +TLSv1.3:Test moving servers handshake to state: CLIENT_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 + +TLSv1.3:Test moving clients handshake to state: SERVER_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 + +TLSv1.3:Test moving servers handshake to state: SERVER_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 + +TLSv1.3:Test moving clients handshake to state: ENCRYPTED_EXTENSIONS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 + +TLSv1.3:Test moving servers handshake to state: ENCRYPTED_EXTENSIONS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 + +TLSv1.3:Test moving clients handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 + +TLSv1.3:Test moving servers handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:0 + +TLSv1.3:Test moving clients handshake to state: SERVER_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 + +TLSv1.3:Test moving servers handshake to state: SERVER_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 + +TLSv1.3:Test moving clients handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 + +TLSv1.3:Test moving servers handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 + +TLSv1.3:Test moving clients handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 + +TLSv1.3:Test moving servers handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 + +TLSv1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 + +TLSv1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:0 + +TLSv1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 + +TLSv1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 + +TLSv1.3:Test moving clients handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 + +TLSv1.3:Test moving servers handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 + +TLSv1.3:Test moving clients handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 + +TLSv1.3:Test moving servers handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:0 + +TLSv1.3:Test moving clients handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 + +TLSv1.3:Test moving servers handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:0 + +TLSv1.3:Test moving clients handshake to state: CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:0 + +TLSv1.3:Test moving servers handshake to state: CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:0 + +TLSv1.3:Test moving clients handshake to state: CLIENT_CCS_AFTER_SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:1 + +TLSv1.3:Test moving servers handshake to state: CLIENT_CCS_AFTER_SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:0 + Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index cc34df62a..9434a60f3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -751,6 +751,7 @@ typedef struct mbedtls_endpoint mbedtls_entropy_context entropy; mbedtls_mock_socket socket; mbedtls_endpoint_certificate cert; + FILE *dbg_output; } mbedtls_endpoint; /* @@ -872,6 +873,17 @@ exit: return ret; } +static void my_debug( void *ctx, int level, + const char *file, int line, + const char *str ) +{ + ((void) level); + mbedtls_endpoint *ep=(mbedtls_endpoint *)ctx; + mbedtls_fprintf( ep->dbg_output, + "%s: %s:%04d: %s", + ep->name, file, line, str ); + fflush( ep->dbg_output ); +} /* * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()` * after calling this function even if it fails. @@ -886,6 +898,7 @@ exit: * * \retval 0 on success, otherwise error code. */ + int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_message_queue *input_queue, @@ -913,6 +926,8 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, &( ep->ctr_drbg ) ); mbedtls_entropy_init( &( ep->entropy ) ); + + TEST_ASSERT( mbedtls_ssl_conf_get_user_data_p( &ep->conf ) == NULL ); TEST_EQUAL( mbedtls_ssl_conf_get_user_data_n( &ep->conf ), 0 ); TEST_ASSERT( mbedtls_ssl_get_user_data_p( &ep->ssl ) == NULL ); @@ -981,6 +996,9 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, mbedtls_ssl_conf_set_user_data_p( &ep->conf, ep ); TEST_EQUAL( mbedtls_ssl_get_user_data_n( &ep->ssl ), user_data_n ); mbedtls_ssl_set_user_data_p( &ep->ssl, ep ); + ep->dbg_output = stderr; + mbedtls_ssl_conf_dbg( &ep->conf, my_debug, ep ); + mbedtls_debug_set_threshold( 100 ); exit: return ret; From 4dec0e53290de6011d1817222def68b13e1516eb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 30 Apr 2022 22:53:38 +0800 Subject: [PATCH 03/20] fix state undeclare error Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0a9969344..79d7dddea 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -642,15 +642,11 @@ typedef enum MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ } mbedtls_ssl_states; From d9d049d1803fad2e521dbfb3b62243c1424baddb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 1 May 2022 10:16:10 +0800 Subject: [PATCH 04/20] revert dbg config Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.function | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9434a60f3..ffb943829 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -751,7 +751,6 @@ typedef struct mbedtls_endpoint mbedtls_entropy_context entropy; mbedtls_mock_socket socket; mbedtls_endpoint_certificate cert; - FILE *dbg_output; } mbedtls_endpoint; /* @@ -873,17 +872,6 @@ exit: return ret; } -static void my_debug( void *ctx, int level, - const char *file, int line, - const char *str ) -{ - ((void) level); - mbedtls_endpoint *ep=(mbedtls_endpoint *)ctx; - mbedtls_fprintf( ep->dbg_output, - "%s: %s:%04d: %s", - ep->name, file, line, str ); - fflush( ep->dbg_output ); -} /* * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()` * after calling this function even if it fails. @@ -996,9 +984,6 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, mbedtls_ssl_conf_set_user_data_p( &ep->conf, ep ); TEST_EQUAL( mbedtls_ssl_get_user_data_n( &ep->ssl ), user_data_n ); mbedtls_ssl_set_user_data_p( &ep->ssl, ep ); - ep->dbg_output = stderr; - mbedtls_ssl_conf_dbg( &ep->conf, my_debug, ep ); - mbedtls_debug_set_threshold( 100 ); exit: return ret; From 85e5c81c379ba2a9d194c4e822793635f365a811 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 7 May 2022 13:26:56 +0800 Subject: [PATCH 05/20] fix check test cases fail Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 72 ++++++++++++++++---------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 121e09335..3e5e6422e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -105,147 +105,147 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER Test moving clients handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving clients handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving servers handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0 Negative test moving servers ssl to state: NEW_SESSION_TICKET -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 TLSv1.3:Test moving clients handshake to state: HELLO_REQUEST From df65b66003346b5b7f3981c5ecce3b3089c0114f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 May 2022 17:27:18 +0800 Subject: [PATCH 06/20] Add handshake over test Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 3e5e6422e..c050eea48 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -248,6 +248,14 @@ Negative test moving servers ssl to state: NEW_SESSION_TICKET depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 +TLSv1.3:Test moving clients handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 + +TLSv1.3:Test moving servers handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 + TLSv1.3:Test moving clients handshake to state: HELLO_REQUEST depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 @@ -286,7 +294,7 @@ move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 TLSv1.3:Test moving servers handshake to state: CERTIFICATE_REQUEST depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:0 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 TLSv1.3:Test moving clients handshake to state: SERVER_CERTIFICATE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 From 0a92d6c8eb1cf0f5a4c9902b5349165548f3e379 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 16 May 2022 16:54:46 +0800 Subject: [PATCH 07/20] fix move state to handshake over fail Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 239be53a1..c82963589 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1190,13 +1190,15 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) ); - /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); + + /* Preprocessing step: Compute handshake digest */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) ); + mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len ); From b3d86de3ea30aa7e10ed7c5461d7fe82ed2aa3b5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 20 May 2022 16:50:13 +0800 Subject: [PATCH 08/20] fix hanshake wrapup fail Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c050eea48..e87d2eb3f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -358,7 +358,7 @@ move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 TLSv1.3:Test moving servers handshake to state: HANDSHAKE_WRAPUP depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:0 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 TLSv1.3:Test moving clients handshake to state: CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 From df0a71a0b09273524f9b04d94b87f9caa85a1db8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 May 2022 10:43:30 +0800 Subject: [PATCH 09/20] Add handshake version test Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 4 ++++ tests/suites/test_suite_ssl.function | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index e87d2eb3f..ef9232764 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -380,6 +380,10 @@ Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 +Handshake, tls1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 + Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ffb943829..fd7161426 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2099,6 +2099,17 @@ void perform_handshake( handshake_test_options* options ) } TEST_ASSERT( mbedtls_ssl_is_handshake_over( &client.ssl ) == 1 ); + + /* Workaround for TLS1.3 */ + TEST_ASSERT( mbedtls_move_handshake_to_state( &(server.ssl), + &(client.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER ) + == expected_handshake_result ); + if( expected_handshake_result != 0 ) + { + goto exit; + } + TEST_ASSERT( mbedtls_ssl_is_handshake_over( &server.ssl ) == 1 ); /* Check that both sides have negotiated the expected version. */ From 66adf3155c5b400cd9183ff9570c93f8616a4bf7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 May 2022 15:23:29 +0800 Subject: [PATCH 10/20] Update comments Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fd7161426..8a08963a6 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2100,7 +2100,7 @@ void perform_handshake( handshake_test_options* options ) TEST_ASSERT( mbedtls_ssl_is_handshake_over( &client.ssl ) == 1 ); - /* Workaround for TLS1.3 */ + /* Make sure server state is moved to HANDSHAKE_OVER also. */ TEST_ASSERT( mbedtls_move_handshake_to_state( &(server.ssl), &(client.ssl), MBEDTLS_SSL_HANDSHAKE_OVER ) From 1e7c438b6776ac3131a8b0cc146a07ce2477b2db Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 May 2022 19:51:38 +0800 Subject: [PATCH 11/20] remove tls1.3 dependancy Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 72 ++++++++++++++++---------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ef9232764..a1fd6f5c7 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -105,147 +105,147 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER Test moving clients handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving clients handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving servers handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0 Negative test moving servers ssl to state: NEW_SESSION_TICKET -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 TLSv1.3:Test moving clients handshake to state: HANDSHAKE_OVER From 66537f40b660a2a1e1ec4cb3620566a4c985e6c5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 May 2022 19:53:05 +0800 Subject: [PATCH 12/20] fix certificate request fail Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a1fd6f5c7..56c2ec92d 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -193,7 +193,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE From 1443537da3b6187778035f5ca98cda3c10e19f73 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Jun 2022 15:53:31 +0800 Subject: [PATCH 13/20] fix test fail when WANT_READ/WRITE returned Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.function | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8a08963a6..6ba4e2043 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4910,12 +4910,16 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) state ); if( need_pass ) { - TEST_ASSERT( ret == 0 ); + TEST_ASSERT( ret == 0 || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE ); TEST_ASSERT( base_ep.ssl.state == state ); } else { - TEST_ASSERT( ret != 0 ); + TEST_ASSERT( ret != 0 && + ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ); TEST_ASSERT( base_ep.ssl.state != state ); } From 7bf3358a2d58b1c655f30dc4218282f1bcf9c0ed Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Jun 2022 16:55:17 +0800 Subject: [PATCH 14/20] Remove duplicated tests Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 145 ------------------------------- 1 file changed, 145 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 56c2ec92d..540319271 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -105,139 +105,105 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER Test moving clients handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving clients handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving servers handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT @@ -248,37 +214,6 @@ Negative test moving servers ssl to state: NEW_SESSION_TICKET depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 -TLSv1.3:Test moving clients handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 - -TLSv1.3:Test moving servers handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 - -TLSv1.3:Test moving clients handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 - -TLSv1.3:Test moving servers handshake to state: HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 - -TLSv1.3:Test moving clients handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 - -TLSv1.3:Test moving servers handshake to state: CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 - -TLSv1.3:Test moving clients handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 - -TLSv1.3:Test moving servers handshake to state: SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 TLSv1.3:Test moving clients handshake to state: ENCRYPTED_EXTENSIONS depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 @@ -288,46 +223,6 @@ TLSv1.3:Test moving servers handshake to state: ENCRYPTED_EXTENSIONS depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 -TLSv1.3:Test moving clients handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 - -TLSv1.3:Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 - -TLSv1.3:Test moving clients handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 - -TLSv1.3:Test moving servers handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 - -TLSv1.3:Test moving clients handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 - -TLSv1.3:Test moving servers handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 - -TLSv1.3:Test moving clients handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 - -TLSv1.3:Test moving servers handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 - -TLSv1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 - -TLSv1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:0 - TLSv1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE_VERIFY depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 @@ -336,46 +231,6 @@ TLSv1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE_VERIFY depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 -TLSv1.3:Test moving clients handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 - -TLSv1.3:Test moving servers handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 - -TLSv1.3:Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 - -TLSv1.3:Test moving servers handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:0 - -TLSv1.3:Test moving clients handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 - -TLSv1.3:Test moving servers handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 - -TLSv1.3:Test moving clients handshake to state: CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:0 - -TLSv1.3:Test moving servers handshake to state: CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:0 - -TLSv1.3:Test moving clients handshake to state: CLIENT_CCS_AFTER_SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:1 - -TLSv1.3:Test moving servers handshake to state: CLIENT_CCS_AFTER_SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:0 - Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 From f2d32e6c3dabfd7fff9d43c87422b1c444333393 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Jun 2022 18:05:18 +0800 Subject: [PATCH 15/20] fix tls13_only test fail Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 540319271..0f599843e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -117,36 +117,43 @@ Test moving clients handshake to state: SERVER_CERTIFICATE move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP @@ -168,36 +175,43 @@ Test moving servers handshake to state: SERVER_CERTIFICATE move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP From 6994e3e0c23a3106df7c60f96f7a7ec31bea1e66 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Jun 2022 11:25:28 +0800 Subject: [PATCH 16/20] fix various issues Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 9 ++++----- tests/suites/test_suite_ssl.function | 2 -- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0f599843e..09908441c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -228,20 +228,19 @@ Negative test moving servers ssl to state: NEW_SESSION_TICKET depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 - -TLSv1.3:Test moving clients handshake to state: ENCRYPTED_EXTENSIONS +TLS 1.3:Test moving clients handshake to state: ENCRYPTED_EXTENSIONS depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 -TLSv1.3:Test moving servers handshake to state: ENCRYPTED_EXTENSIONS +TLS 1.3:Test moving servers handshake to state: ENCRYPTED_EXTENSIONS depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 -TLSv1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE_VERIFY +TLS 1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE_VERIFY depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 -TLSv1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE_VERIFY +TLS 1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE_VERIFY depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6ba4e2043..f44569dcf 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -914,8 +914,6 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, &( ep->ctr_drbg ) ); mbedtls_entropy_init( &( ep->entropy ) ); - - TEST_ASSERT( mbedtls_ssl_conf_get_user_data_p( &ep->conf ) == NULL ); TEST_EQUAL( mbedtls_ssl_conf_get_user_data_n( &ep->conf ), 0 ); TEST_ASSERT( mbedtls_ssl_get_user_data_p( &ep->ssl ) == NULL ); From 209cae9c42e7f2c43bf0b9a061ab2560dd2bbbf4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 7 Jun 2022 10:30:19 +0200 Subject: [PATCH 17/20] tls13: server: Fix state update in CLIENT_CERTIFICATE The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron --- library/ssl_tls13_server.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f3843b1e8..65023075c 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1628,14 +1628,17 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_CLIENT_CERTIFICATE: ret = mbedtls_ssl_tls13_process_certificate( ssl ); - if( ret == 0 && ssl->session_negotiate->peer_cert != NULL ) + if( ret == 0 ) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + if( ssl->session_negotiate->peer_cert != NULL ) + { + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + } + else + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_CLIENT_FINISHED ); } - else - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_FINISHED ); break; case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: From bdddaef9bb7f18f1c34f33dfbe03e810cbe02f91 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 7 Jun 2022 10:34:59 +0200 Subject: [PATCH 18/20] test: ssl: Enable client authentication in handshake state tests The endpoint initialization function was setting up a certificate but the client certificate was not used because client authentication was not enabled (not enabled in the default SSL server configuration). Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 4 ++-- tests/suites/test_suite_ssl.function | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 09908441c..08aaa1cab 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -238,11 +238,11 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 TLS 1.3:Test moving clients handshake to state: CLIENT_CERTIFICATE_VERIFY depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 +move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1 TLS 1.3:Test moving servers handshake to state: CLIENT_CERTIFICATE_VERIFY depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:0 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1 Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f44569dcf..8d683adb4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -967,6 +967,8 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg, if( group_list != NULL ) mbedtls_ssl_conf_groups( &(ep->conf), group_list ); + mbedtls_ssl_conf_authmode( &( ep->conf ), MBEDTLS_SSL_VERIFY_REQUIRED ); + ret = mbedtls_ssl_setup( &( ep->ssl ), &( ep->conf ) ); TEST_ASSERT( ret == 0 ); From 00e5eaad625246309984d8142205ea20ea1b9dca Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 7 Jun 2022 10:38:29 +0200 Subject: [PATCH 19/20] test: ssl: Remove more TLS 1.2 dependencies in handshake state tests That way the concerned tests are also run in the TLS 1.3 only configuration where a TLS 1.3 handshake is performed. Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 08aaa1cab..5192342c8 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -128,7 +128,6 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE @@ -153,7 +152,6 @@ Test moving clients handshake to state: SERVER_FINISHED move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP @@ -186,7 +184,6 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE From 5313f034b43e541ea460fa093d5c9b5f6041e939 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 31 May 2022 12:29:00 +0200 Subject: [PATCH 20/20] Add change log Add change log for the bug fixed in "fix move state to handshake over fail" commit Signed-off-by: Ronald Cron --- ChangeLog.d/tls13-fix-finished-fetch.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/tls13-fix-finished-fetch.txt diff --git a/ChangeLog.d/tls13-fix-finished-fetch.txt b/ChangeLog.d/tls13-fix-finished-fetch.txt new file mode 100644 index 000000000..28c30f909 --- /dev/null +++ b/ChangeLog.d/tls13-fix-finished-fetch.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix handshake failure when the peer Finished message has not been received + yet when we first try to fetch it. The fetching is moved before the + preprocessing computations to avoid doing them multiple times, which was + causing the handshake to fail.