From f16efbc78d917c46d18ea82ae1ed8e975c519261 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Oct 2023 11:06:24 +0800 Subject: [PATCH] fix various issues - Add comments for ticket test hooks - improve code style. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 10 ++++++---- programs/ssl/ssl_server2.c | 14 +++++++++++--- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8bcb0e4075..7b8cc6e741 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -195,8 +195,9 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if (now < session->start) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_MS_TIME - ", start=%" MBEDTLS_PRINTF_MS_TIME " )", now, session->start)); + 3, ("Invalid ticket start time ( now = %" MBEDTLS_PRINTF_MS_TIME + ", start = %" MBEDTLS_PRINTF_MS_TIME " )", + now, session->start)); goto exit; } @@ -213,7 +214,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * * For time being, the age MUST be less than 604800 seconds (7 days). */ - if (server_age > 604800*1000) { + if (server_age > 604800 * 1000) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket age exceeds limitation ticket_age=%" MBEDTLS_PRINTF_MS_TIME, server_age)); @@ -238,7 +239,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if (age_diff < -1000 || age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age outside tolerance window ( diff=%" MBEDTLS_PRINTF_MS_TIME ")", + 3, ("Ticket age outside tolerance window ( diff = %" + MBEDTLS_PRINTF_MS_TIME ")", age_diff)); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ce53f92746..7df30f0172 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1416,35 +1416,43 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, switch (opt.dummy_ticket % 11) { case 1: + /* Callback function return INVALID_MAC */ return MBEDTLS_ERR_SSL_INVALID_MAC; case 2: + /* Callback function return ticket expired */ return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; case 3: + /* Built-in check, the start time is in future. */ session->start = mbedtls_ms_time() + 10 * 1000; break; case 4: + /* Built-in check, ticket expired due to too old. */ session->start = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000; break; case 5: + /* Built-in check, age outside tolerance window, too young. */ session->start = mbedtls_ms_time() - 10 * 1000; break; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 6: + /* Built-in check, age outside tolerance window, too old. */ session->start = mbedtls_ms_time(); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) session->ticket_age_add -= 1000; -#endif break; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 7: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; break; case 8: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; break; case 9: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; break; case 10: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; break; #endif