ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 00:49:04 +08:00
Code Issues Releases Wiki Activity

ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-03-08 11:37:55 +01:00
parent 5f4e91253f
commit 27c85e743f
4 changed files with 66 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_tls.c
View File

@ -38,6 +38,7 @@
#endif /* !MBEDTLS_PLATFORM_C */ #endif /* !MBEDTLS_PLATFORM_C */
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "ssl_debug_helpers.h"
#include "ssl_misc.h" #include "ssl_misc.h"
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
@ -2819,6 +2820,9 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %s",
mbedtls_ssl_states_str( ssl->state ) ) );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_tls13_handshake_client_step( ssl ); ret = mbedtls_ssl_tls13_handshake_client_step( ssl );

2
library/ssl_tls12_client.c
View File

@ -3982,8 +3982,6 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */ * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)

5
library/ssl_tls13_client.c
View File

@ -33,7 +33,6 @@
#include "ecdh_misc.h" #include "ecdh_misc.h"
#include "ssl_client.h" #include "ssl_client.h"
#include "ssl_tls13_keys.h" #include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
/* Write extensions */ /* Write extensions */
@ -1853,10 +1852,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 client state: %s(%d)",
mbedtls_ssl_states_str( ssl->state ),
ssl->state ) );
switch( ssl->state ) switch( ssl->state )
{ {
/* /*

124
tests/ssl-opt.sh
View File

@ -9657,24 +9657,24 @@ run_test "TLS 1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \ 0 \
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST(0)" \ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO(2)" \ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
-c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS(19)" \ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST(5)" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE(3)" \ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY(9)" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED(13)" \ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED(11)" \ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS(14)" \ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
-c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \ -c "ECDH curve: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
-c "=> parse certificate verify" \ -c "=> parse certificate verify" \
-c "<= parse certificate verify" \ -c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -9690,25 +9690,25 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \ 0 \
-s "SERVER HELLO was queued" \ -s "SERVER HELLO was queued" \
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST(0)" \ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO(2)" \ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
-c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS(19)" \ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST(5)" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE(3)" \ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY(9)" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED(13)" \ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED(11)" \ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS(14)" \ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
-c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \ -c "ECDH curve: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
-c "=> parse certificate verify" \ -c "=> parse certificate verify" \
-c "<= parse certificate verify" \ -c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -9725,24 +9725,24 @@ run_test "TLS 1.3: alpn - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13 alpn=h2" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 alpn=h2" \
0 \ 0 \
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" \ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO" \ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
-c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED" \ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED" \ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
-c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \ -c "ECDH curve: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
-c "=> parse certificate verify" \ -c "=> parse certificate verify" \
-c "<= parse certificate verify" \ -c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "HTTP/1.0 200 ok" \ -c "HTTP/1.0 200 ok" \
@ -9760,25 +9760,25 @@ run_test "TLS 1.3: alpn - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13 alpn=h2" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 alpn=h2" \
0 \ 0 \
-s "SERVER HELLO was queued" \ -s "SERVER HELLO was queued" \
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" \ -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO" \ -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
-c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
-c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
-c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED" \ -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED" \ -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
-c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
-c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "<= ssl_tls13_process_server_hello" \ -c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \ -c "ECDH curve: x25519" \
-c "=> ssl_tls13_process_server_hello" \ -c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \ -c "Certificate verification flags clear" \
-c "=> parse certificate verify" \ -c "=> parse certificate verify" \
-c "<= parse certificate verify" \ -c "<= parse certificate verify" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
@ -10170,7 +10170,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA25
0 \ 0 \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
-c "HTTP/1.0 200 ok" -c "HTTP/1.0 200 ok"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -10184,7 +10184,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38
0 \ 0 \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
-c "HTTP/1.0 200 ok" -c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -10199,7 +10199,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_128_GCM_SHA25
0 \ 0 \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -10214,7 +10214,7 @@ run_test "TLS 1.3: HelloRetryRequest check, ciphersuite TLS_AES_256_GCM_SHA38
0 \ 0 \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
-c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
-c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO" \ -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
for i in opt-testcases/*.sh for i in opt-testcases/*.sh