From 75a5a9c2051206d01b68669c203b39afce009ec3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 12 Jun 2023 11:21:18 +0200 Subject: [PATCH] Code cleanup Signed-off-by: Przemek Stekiel --- include/mbedtls/dhm.h | 1 - include/mbedtls/psa_util.h | 2 -- include/mbedtls/ssl_ciphersuites.h | 6 ---- library/ssl_client.c | 33 ++++------------------ library/ssl_tls12_client.c | 4 +-- library/ssl_tls12_server.c | 4 +-- library/ssl_tls13_client.c | 38 ++++++++------------------ library/ssl_tls13_generic.c | 13 +++++---- library/ssl_tls13_keys.c | 10 +++---- programs/ssl/ssl_client2.c | 8 ------ programs/ssl/ssl_server2.c | 7 ----- programs/ssl/ssl_test_lib.c | 41 ++++++++++++++++++++-------- programs/ssl/ssl_test_lib.h | 6 ---- tests/ssl-opt.sh | 8 +++--- tests/suites/test_suite_ssl.function | 2 +- 15 files changed, 65 insertions(+), 118 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index c4616dc76..6ffe681ca 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -66,7 +66,6 @@ #include "mbedtls/build_info.h" #include "mbedtls/bignum.h" -#include /* * DHM Error codes diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5e894c5c4..c92be063a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -38,8 +38,6 @@ #include "mbedtls/pk.h" #include "mbedtls/oid.h" #include "mbedtls/error.h" -#include "mbedtls/ssl.h" - #include /* Translations for symmetric crypto. */ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 8aea0e5e1..17b8ff789 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -364,12 +364,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* Key exchanges ephemeral */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED -#endif - typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ diff --git a/library/ssl_client.c b/library/ssl_client.c index 257a696b9..bc3a461a5 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -277,37 +277,14 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, #if defined(PSA_WANT_ALG_FFDH) if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) && mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) { - const char *ffdh_group = NULL; - - switch (*group_list) { - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - ffdh_group = "ffdhe2048"; - break; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - ffdh_group = "ffdhe3072"; - break; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - ffdh_group = "ffdhe4096"; - break; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - ffdh_group = "ffdhe6144"; - break; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - ffdh_group = "ffdhe8192"; - break; - default: - break; - } - - if (ffdh_group == NULL) { - continue; - } - +#if defined(MBEDTLS_DEBUG_C) + const char *ffdh_group = mbedtls_ssl_named_group_to_str(*group_list); + MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )", + ffdh_group, *group_list)); +#endif MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); MBEDTLS_PUT_UINT16_BE(*group_list, p, 0); p += 2; - MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )", - ffdh_group, *group_list)); } #endif /* PSA_WANT_ALG_FFDH */ } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df8af0dea..38c61ba17 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1714,7 +1714,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, uint16_t tls_id; uint8_t ecpoint_len; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_key_type_t key_type = 0; + psa_key_type_t key_type = PSA_KEY_TYPE_NONE; size_t ec_bits = 0; /* @@ -2014,7 +2014,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; - psa_key_type_t key_type = 0; + psa_key_type_t key_type = PSA_KEY_TYPE_NONE; mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk); if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3234b2d75..86a181f18 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2594,7 +2594,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; uint16_t tls_id = 0; - psa_key_type_t key_type = 0; + psa_key_type_t key_type = PSA_KEY_TYPE_NONE; size_t key_len; mbedtls_pk_context *pk; mbedtls_ecp_group_id grp_id; @@ -2961,7 +2961,7 @@ curve_matching_done: const size_t header_size = 4; // curve_type(1), namedcurve(2), // data length(1) const size_t data_length_size = 1; - psa_key_type_t key_type = 0; + psa_key_type_t key_type = PSA_KEY_TYPE_NONE; size_t ec_bits = 0; MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 35679ca74..17479b86e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -248,11 +248,6 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, ((void) group_id); #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - /* - * Add DHE named groups here. - * Pick first available DHE group compatible with TLS 1.3 - */ - return ret; } @@ -386,7 +381,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { -#if defined(PSA_WANT_ALG_ECDH) +#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) const unsigned char *p = buf; int selected_group; int found = 0; @@ -413,6 +408,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, * then the client MUST abort the handshake with an "illegal_parameter" alert. */ for (; *group_list != 0; group_list++) { +#if defined(PSA_WANT_ALG_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { if ((mbedtls_ssl_get_psa_curve_info_from_tls_id( *group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) || @@ -421,10 +417,13 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, break; } } +#endif /* PSA_WANT_ALG_ECDH */ +#if defined(PSA_WANT_ALG_FFDH) if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) { found = 1; break; } +#endif /* PSA_WANT_ALG_FFDH */ } /* Client MUST verify that the selected_group field does not @@ -446,12 +445,12 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, ssl->handshake->offered_group_id = selected_group; return 0; -#else +#else /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ (void) ssl; (void) buf; (void) end; return MBEDTLS_ERR_SSL_BAD_CONFIG; -#endif +#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ } /* @@ -497,25 +496,10 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_dhe(group)) { -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) { - if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL) - == PSA_ERROR_NOT_SUPPORTED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid TLS curve group id")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG( - 2, - ("ECDH curve: %s", mbedtls_ssl_get_curve_name_from_tls_id(group))); - } -#endif /* PSA_WANT_ALG_ECDH */ -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_dhe(group)) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("DHE group name: %s", mbedtls_ssl_ffdh_name_from_group(group))); - } -#endif /* PSA_WANT_ALG_FFDH */ +#if defined(MBEDTLS_DEBUG_C) + MBEDTLS_SSL_DEBUG_MSG(2, + ("DHE group name: %s", mbedtls_ssl_named_group_to_str(group))); +#endif ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p); if (ret != 0) { return ret; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 044779018..e85cbd557 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1514,9 +1514,9 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, } static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( - uint16_t tls_ecc_grp_reg_id, size_t *bits, psa_key_type_t *key_type) + uint16_t tls_id, size_t *bits, psa_key_type_t *key_type) { - switch (tls_ecc_grp_reg_id) { + switch (tls_id) { case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: *bits = 2048; *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); @@ -1555,8 +1555,8 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( size_t own_pubkey_len; mbedtls_ssl_handshake_params *handshake = ssl->handshake; size_t bits = 0; - psa_key_type_t key_type = 0; - psa_algorithm_t alg = 0; + psa_key_type_t key_type = PSA_KEY_TYPE_NONE; + psa_algorithm_t alg = PSA_ALG_NONE; size_t buf_size = (size_t) (end - buf); MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation.")); @@ -1569,12 +1569,13 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( } #endif #if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits, &key_type) == PSA_SUCCESS) { + if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits, + &key_type) == PSA_SUCCESS) { alg = PSA_ALG_FFDH; } #endif - if (key_type == 0) { + if (key_type == PSA_KEY_TYPE_NONE) { return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index c69078dbd..43452b1a3 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1487,12 +1487,10 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) || mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) { #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - psa_algorithm_t alg = 0; - if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) { - alg = PSA_ALG_ECDH; - } else { - alg = PSA_ALG_FFDH; - } + psa_algorithm_t alg = + mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ? + PSA_ALG_ECDH : PSA_ALG_FFDH; + /* Compute ECDH shared secret. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index af41e3856..48a9d4c90 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -757,10 +757,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char alloc_buf[MEMORY_HEAP_SIZE]; #endif - -#if defined(MBEDTLS_ECP_LIGHT) uint16_t group_list[CURVE_LIST_SIZE]; -#endif #if defined(MBEDTLS_SSL_DTLS_SRTP) unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; size_t mki_len = 0; @@ -1494,16 +1491,11 @@ usage: } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_ECP_LIGHT) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) if (opt.curves != NULL) { if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) { goto exit; } } -#endif /* MBEDTLS_ECP_LIGHT || - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) if (opt.sig_algs != NULL) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 715fe0c58..9ccaebb21 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1522,9 +1522,7 @@ int main(int argc, char *argv[]) #if defined(SNI_OPTION) sni_entry *sni_info = NULL; #endif -#if defined(MBEDTLS_ECP_LIGHT) uint16_t group_list[CURVE_LIST_SIZE]; -#endif #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -2388,16 +2386,11 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_ECP_LIGHT) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) if (opt.curves != NULL) { if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) { goto exit; } } -#endif /* MBEDTLS_ECP_LIGHT || - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) if (opt.sig_algs != NULL) { diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 077df2ebd..fdb6a523a 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -449,7 +449,9 @@ void test_hooks_free(void) #endif /* MBEDTLS_TEST_HOOKS */ -uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_FFDH) +static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) { if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) { return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048; @@ -465,8 +467,9 @@ uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) return 0; } -const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) +static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) { +#if defined(PSA_WANT_ALG_FFDH) static const uint16_t ffdh_groups[] = { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, @@ -475,19 +478,18 @@ const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, 0 }; - return ffdh_groups; +#else + return NULL; +#endif } +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ -#if defined(MBEDTLS_ECP_LIGHT) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len) { char *p = (char *) curves; char *q = NULL; size_t i = 0; - const mbedtls_ecp_curve_info *curve_cur = NULL; if (strcmp(p, "none") == 0) { group_list[0] = 0; @@ -495,8 +497,13 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len /* Leave room for a final NULL in curve list */ while (i < group_list_len - 1 && *p != '\0') { q = p; +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_FFDH) uint16_t ffdh_group = 0; - +#endif +#if defined(MBEDTLS_ECP_LIGHT) + const mbedtls_ecp_curve_info *curve_cur = NULL; +#endif /* Terminate the current string */ while (*p != ',' && *p != '\0') { p++; @@ -505,24 +512,36 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len *p++ = '\0'; } +#if defined(MBEDTLS_ECP_LIGHT) if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) { group_list[i++] = curve_cur->tls_id; - } else if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { + } else +#endif +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_FFDH) + if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { group_list[i++] = ffdh_group; - } else { + } else +#endif + { mbedtls_printf("unknown curve %s\n", q); +#if defined(MBEDTLS_ECP_LIGHT) mbedtls_printf("supported curves: "); for (curve_cur = mbedtls_ecp_curve_list(); curve_cur->grp_id != MBEDTLS_ECP_DP_NONE; curve_cur++) { mbedtls_printf("%s ", curve_cur->name); } +#endif +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_FFDH) const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups(); while (*supported_ffdh_group != 0) { mbedtls_printf("%s ", mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group)); supported_ffdh_group++; } +#endif mbedtls_printf("\n"); return -1; } @@ -541,7 +560,5 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len return 0; } -#endif /* MBEDTLS_ECP_LIGHT || - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH) */ #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */ diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index eb29dc759..cf76992d1 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -312,13 +312,7 @@ void test_hooks_free(void); #endif /* !MBEDTLS_TEST_HOOKS */ /* Helper functions for FFDH groups. */ -uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name); -const uint16_t *mbedtls_ssl_ffdh_supported_groups(void); -#if defined(MBEDTLS_ECP_LIGHT) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len); -#endif #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f4b295990..9b8c4775f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11289,7 +11289,7 @@ run_test "TLS 1.3: minimal feature sets - openssl" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "<= ssl_tls13_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "ECDH curve: x25519" \ + -c "DHE group name: x25519" \ -c "=> ssl_tls13_process_server_hello" \ -c "<= parse encrypted extensions" \ -c "Certificate verification flags clear" \ @@ -11323,7 +11323,7 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "<= ssl_tls13_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "ECDH curve: x25519" \ + -c "DHE group name: x25519" \ -c "=> ssl_tls13_process_server_hello" \ -c "<= parse encrypted extensions" \ -c "Certificate verification flags clear" \ @@ -11356,7 +11356,7 @@ run_test "TLS 1.3: alpn - openssl" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "<= ssl_tls13_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "ECDH curve: x25519" \ + -c "DHE group name: x25519" \ -c "=> ssl_tls13_process_server_hello" \ -c "<= parse encrypted extensions" \ -c "Certificate verification flags clear" \ @@ -11392,7 +11392,7 @@ run_test "TLS 1.3: alpn - gnutls" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "<= ssl_tls13_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "ECDH curve: x25519" \ + -c "DHE group name: x25519" \ -c "=> ssl_tls13_process_server_hello" \ -c "<= parse encrypted extensions" \ -c "Certificate verification flags clear" \ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fd1059571..a7efa9340 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3591,7 +3591,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) /* BEGIN_CASE */ void elliptic_curve_get_properties() { - psa_key_type_t psa_type = 0; + psa_key_type_t psa_type = PSA_KEY_TYPE_NONE; size_t psa_bits; MD_OR_USE_PSA_INIT();