fix various issue
- remove unused test case
- add alert message
- improve readabitlity
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index fc5ceeb..84b6b80 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -55,24 +55,29 @@
*/
static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
- const unsigned char *end)
+ const unsigned char *end )
{
+ const unsigned char *p = buf;
size_t ke_modes_len;
int ke_modes = 0;
/* Read PSK mode list length (1 Byte) */
- MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 1 );
- ke_modes_len = *buf++;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+ ke_modes_len = *p++;
/* Currently, there are only two PSK modes, so even without looking
* at the content, something's wrong if the list has more than 2 items. */
if( ke_modes_len > 2 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
- MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, ke_modes_len );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ke_modes_len );
while( ke_modes_len-- != 0 )
{
- switch( *buf++ )
+ switch( *p++ )
{
case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE:
ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
@@ -83,6 +88,8 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK_EPHEMERAL KEX MODE" ) );
break;
default:
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 10aaa4a..979ae7a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -878,6 +878,8 @@
CLI_EXIT=$?
kill $DOG_PID >/dev/null 2>&1
+ # For ubuntu 22.04, `Terminated` message is outputed from `wait` command.
+ # to eliminate it from stdout, redirect stdout/stderr to CLI_OUT
wait $DOG_PID >> $CLI_OUT 2>&1
echo "EXIT: $CLI_EXIT" >> $CLI_OUT
@@ -2309,15 +2311,6 @@
-s "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE"
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->G" \
- "$G_NEXT_SRV -d 50 --pskpasswd data_files/passwd.psk --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
- "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70" \
- 0
-
# Tests for datagram packing
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client and server" \