Fix and improve documentation, comments and logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt b/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt
index 948bc88..1d34068 100644
--- a/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt
+++ b/ChangeLog.d/tls13-reorder-ciphersuite-preference-list.txt
@@ -1,11 +1,12 @@
Default behavior changes
* The default priority order of TLS 1.3 cipher suites has been modified to
follow the same rules as the TLS 1.2 cipher suites (see
- ssl_ciphersuites.c).
+ ssl_ciphersuites.c). The preferred cipher suite is now
+ TLS_CHACHA20_POLY1305_SHA256.
Bugfix
- * In the TLS 1.3 server, select the prefered client cipher suite, not the
- least prefered. The selection error was introduced in Mbed TLS 3.3.0.
+ * In the TLS 1.3 server, select the preferred client cipher suite, not the
+ least preferred. The selection error was introduced in Mbed TLS 3.3.0.
* Fix TLS 1.3 session resumption when the established pre-shared key is
384 bits long. That is the length of pre-shared keys created under a
session where the cipher suite is TLS_AES_256_GCM_SHA384.
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 8aff191..005a1d7 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1371,6 +1371,11 @@
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ /*
+ * "cipher_suite_end - p is even" is an invariant of the loop. As
+ * cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and
+ * it is thus safe to read two bytes.
+ */
cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
ssl, cipher_suite);
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 3b493ee..b1ee654 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13237,7 +13237,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: NewSessionTicket: Basic check" \
+run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
0 \
@@ -13257,6 +13257,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+# Test the session resumption when the cipher suite for the original session is
+# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
+# 256 bits long as with all the other TLS 1.3 cipher suites.
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test "TLS 1.3: NewSessionTicket: Basic check with AES-256-GCM only, G->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \