Update TLS 1.3

tools/tls13_client.c

@@ -370,12 +370,28 @@ bad:
 	}
 
 	if (sess_in) {
+		FILE *sess_infp;
+		int enable_psk = 0;
+		int psk_ret = 1;
 
-		if (tls13_add_pre_shared_key_from_file(&conn, sess_in) != 1) {
+		if (!(sess_infp = fopen(sess_in, "rb"))) {
 			error_print();
-			return -1;
+			goto end;
 		}
-		tls13_enable_pre_shared_key(&conn, 1);
+
+		while (psk_ret) {
+			if ((psk_ret = tls13_add_pre_shared_key_from_session_file(&conn, sess_infp)) < 0) {
+				error_print();
+				fclose(sess_infp);
+				return -1;
+			}
+		}
+		fclose(sess_infp);
+
+
+		// 客户端是否发送pre_shared_key是由什么决定的？需要显式的支持吗
+		// 我觉得应该是不需要的，因为如果设置了psk_key_exchange_mode，那么自然要发送pre_shared_key
+		tls13_enable_pre_shared_key(&conn, enable_psk);
 	}
 
 	if (sess_out) {
@@ -462,10 +478,34 @@ bad:
 		goto end;
 	}
 
+
+	fprintf(stderr, ">>>>>>>>>>>>\n");
+
+
+
 	for (;;) {
 		fd_set fds;
 		size_t sentlen;
 
+
+		FD_ZERO(&fds);
+
+
+		// listen socket
+		FD_SET(conn.sock, &fds);
+
+		// listen stdin
+		FD_SET(fileno(stdin), &fds);
+
+
+		// 等待阻塞
+		if (select((int)(conn.sock + 1), // In WinSock2, select() ignore the this arg
+			&fds, NULL, NULL, NULL) < 0) {
+			fprintf(stderr, "%s: select failed\n", prog);
+			goto end;
+		}
+
+		/*
 		if (!fgets(send_buf, sizeof(send_buf), stdin)) {
 			if (feof(stdin)) {
 				tls_shutdown(&conn);
@@ -478,21 +518,9 @@ bad:
 			fprintf(stderr, "%s: send error\n", prog);
 			goto end;
 		}
+		*/
 
 
-		FD_ZERO(&fds);
-		FD_SET(conn.sock, &fds);
-#ifdef WIN32
-#else
-		FD_SET(fileno(stdin), &fds);
-#endif
-
-		if (select((int)(conn.sock + 1), // In WinSock2, select() ignore the this arg
-			&fds, NULL, NULL, NULL) < 0) {
-			fprintf(stderr, "%s: select failed\n", prog);
-			goto end;
-		}
-
 		if (FD_ISSET(conn.sock, &fds)) {
 			for (;;) {
 				memset(buf, 0, sizeof(buf));
@@ -507,10 +535,8 @@ bad:
 					break;
 				}
 			}
-
 		}
-#ifdef WIN32
-#else
+
 		if (FD_ISSET(fileno(stdin), &fds)) {
 			memset(send_buf, 0, sizeof(send_buf));
 
@@ -527,7 +553,6 @@ bad:
 				goto end;
 			}
 		}
-#endif
 	}
 
 end:

tools/tls13_server.c

@@ -80,19 +80,28 @@ static const char *help =
 "    sudo gmssl tls13_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234\n"
 "    gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem\n"
 "\n"
-"   sudo gmssl tls13_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234 \n"
+"    sudo gmssl tls13_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234 \n"
 "       -cipher_suite TLS_SM4_GCM_SM3 -cipher_suite TLS_AES_128_GCM_SHA256 \n"
 "       -supported_group sm2p256v1 -supported_group prime256v1\n"
 "       -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256\n"
 "\n"
-"  PSK=1122334455667788112233445566778811223344556677881122334455667788\n"
-"  sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
-"  gmssl tls13_cliet -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
+"    PSK=1122334455667788112233445566778811223344556677881122334455667788\n"
+"    sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
+"    gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
 "\n"
-"  sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -early_data\n"
-"  gmssl tls13_cliet -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -early_data early_data.txt\n"
+"    sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -early_data\n"
+"    gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -early_data early_data.txt\n"
 "\n"
-"  sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -new_session_ticket 2\n"
+"    sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -new_session_ticket 2\n"
+"\n"
+"    sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_dhe_ke -supported_group sm2p256v1 -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -early_data\n"
+"    gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_dhe_ke -supported_group sm2p256v1 -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -early_data early_data.txt\n"
+"\n"
+"    sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -supported_group sm2p256v1 -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -new_session_ticket 2 -ticket_key $TICKET_KEY\n"
+"    gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_dhe_ke -supported_group sm2p256v1 -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK -sess_out session.bin\n"
+"    sudo gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -ticket_key $TICKET_KEY\n"
+"    gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 -psk_ke -sess_in session.bin\n"
+
 "\n";
 
 int tls13_server_main(int argc , char **argv)
@@ -342,7 +351,7 @@ bad:
 			error_print();
 			return -1;
 		}
-		if (tls13_ctx_set_new_session_ticket(&ctx, new_session_ticket) != 1) {
+		if (tls13_ctx_enable_new_session_ticket(&ctx, new_session_ticket) != 1) {
 			error_print();
 			return -1;
 		}