Remove the TLS 1.0 and 1.1 support
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
parent
f823722af4
commit
0f82ec6740
@ -1,79 +0,0 @@
|
||||
/**
|
||||
* \file config-mini-tls1_1.h
|
||||
*
|
||||
* \brief Minimal configuration for TLS 1.1 (RFC 4346)
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/*
|
||||
* Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
|
||||
* required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* See README.txt for usage instructions.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_H
|
||||
#define MBEDTLS_CONFIG_H
|
||||
|
||||
/* System support */
|
||||
#define MBEDTLS_HAVE_ASM
|
||||
#define MBEDTLS_HAVE_TIME
|
||||
|
||||
/* mbed TLS feature support */
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_PKCS1_V15
|
||||
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_1
|
||||
|
||||
/* mbed TLS modules */
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_CIPHER_C
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
#define MBEDTLS_DES_C
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_MD5_C
|
||||
#define MBEDTLS_NET_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_SHA1_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SSL_CLI_C
|
||||
#define MBEDTLS_SSL_SRV_C
|
||||
#define MBEDTLS_SSL_TLS_C
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
#define MBEDTLS_X509_USE_C
|
||||
|
||||
/* For test certificates */
|
||||
#define MBEDTLS_BASE64_C
|
||||
#define MBEDTLS_PEM_PARSE_C
|
||||
|
||||
/* For testing with compat.sh */
|
||||
#define MBEDTLS_FS_IO
|
||||
|
||||
#include "mbedtls/check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
@ -621,16 +621,6 @@
|
||||
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
|
||||
!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
@ -641,8 +631,7 @@
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) ||\
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
@ -659,7 +648,6 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
|
||||
#endif
|
||||
@ -677,16 +665,10 @@
|
||||
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
|
||||
#error "Illegal protocol selection"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
|
||||
#endif
|
||||
@ -724,15 +706,11 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
|
||||
#endif
|
||||
@ -741,10 +719,6 @@
|
||||
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && !defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
||||
@ -859,6 +833,13 @@
|
||||
#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) //no-check-names
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1 (TLS v1.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) //no-check-names
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
|
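Review bot: Deleting the prerequisite check in the `MBEDTLS_SSL_CBC_RECORD_SPLITTING` hunk leaves that option with no protocol it can apply to: 1/n-1 record splitting is the BEAST countermeasure for TLS 1.0's chained CBC IVs, and the only version this file still allows under `MBEDTLS_SSL_TLS_C` is TLS 1.2, which prepends an explicit per-record IV (see the ssl_msg.c hunks). The config.h hunk nevertheless rewrites its description to `Enable 1/n-1 record splitting for CBC mode in TLS.`, which reads as if it still did something, while the ssl.h hunk deletes `mbedtls_ssl_conf_cbc_record_splitting()` but keeps the option itself. Either retire the option the same way as the protocol macros, with a `#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) //no-check-names` / `#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING was removed in Mbed TLS 3.0. See <issue-link placeholder>"` next to the new TLS1 errors, or keep a prerequisite check so it cannot be enabled silently in a build that cannot honour it.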
@ -1530,9 +1530,7 @@
|
||||
*
|
||||
* This only affects CBC ciphersuites, and is useless if none is defined.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_2
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
* Comment this macro to disable support for Encrypt-then-MAC
|
||||
*/
|
||||
@ -1548,9 +1546,7 @@
|
||||
* renegotiation), since it actually fixes a more fundamental issue in the
|
||||
* original SSL/TLS design, and has implications beyond Triple Handshake.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_2
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
* Comment this macro to disable support for Extended Master Secret.
|
||||
*/
|
||||
@ -1599,7 +1595,7 @@
|
||||
/**
|
||||
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
*
|
||||
* Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
|
||||
* Enable 1/n-1 record splitting for CBC mode in TLS.
|
||||
*
|
||||
* This is a countermeasure to the BEAST attack, which also minimizes the risk
|
||||
* of interoperability issues compared to sending 0-length records.
|
||||
@ -1649,30 +1645,6 @@
|
||||
*/
|
||||
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||
*
|
||||
* Enable support for TLS 1.0.
|
||||
*
|
||||
* Requires: MBEDTLS_MD5_C
|
||||
* MBEDTLS_SHA1_C
|
||||
*
|
||||
* Comment this macro to disable support for TLS 1.0
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROTO_TLS1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_1
|
||||
*
|
||||
* Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
|
||||
*
|
||||
* Requires: MBEDTLS_MD5_C
|
||||
* MBEDTLS_SHA1_C
|
||||
*
|
||||
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
@ -1709,11 +1681,9 @@
|
||||
*
|
||||
* Enable support for DTLS (all available versions).
|
||||
*
|
||||
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
|
||||
* and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
|
||||
* Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
|
||||
* or MBEDTLS_SSL_PROTO_TLS1_2
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
* Comment this macro to disable support for DTLS
|
||||
*/
|
||||
@ -2738,10 +2708,9 @@
|
||||
* library/pem.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
|
||||
* depending on the handshake parameters. Further, it is used for checking
|
||||
* MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
|
||||
* encrypted keys.
|
||||
* This module is required for TLS 1.2 depending on the handshake parameters.
|
||||
* Further, it is used for checking MD5-signed certificates, and for PBKDF1
|
||||
* when decrypting PEM-encoded encrypted keys.
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
@ -3061,8 +3030,8 @@
|
||||
* library/ssl_tls.c
|
||||
* library/x509write_crt.c
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
* This module is required for TLS 1.2 depending on the handshake parameters,
|
||||
* and for SHA1-signed certificates.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
|
@ -131,8 +131,8 @@
|
||||
* - RFC 8446: see section 4.2.1
|
||||
*/
|
||||
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 deprecated */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 deprecated */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
|
||||
|
||||
@ -2602,8 +2602,7 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_2,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
||||
*
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
|
||||
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*/
|
||||
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites,
|
||||
@ -3253,8 +3252,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
|
||||
*
|
||||
* \note This ignores ciphersuites from higher versions.
|
||||
*
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||
@ -3265,13 +3263,12 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
|
||||
|
||||
/**
|
||||
* \brief Set the minimum accepted SSL/TLS protocol version
|
||||
* (Default: TLS 1.0)
|
||||
* (Default: TLS 1.2)
|
||||
*
|
||||
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
|
||||
* SSL_MIN_XXXXX_VERSION range is ignored.
|
||||
*
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
* \note With DTLS, MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||
@ -3398,21 +3395,6 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c
|
||||
void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
/**
|
||||
* \brief Enable / Disable 1/n-1 record splitting
|
||||
* (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
|
||||
*
|
||||
* \note Only affects TLS 1.0, not higher versions.
|
||||
* Does not affect non-CBC ciphersuites in any version.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
|
||||
* MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
|
||||
*/
|
||||
void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Enable / Disable session tickets (client only).
|
||||
|
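Review bot: The new `/*!< TLS v1.0 deprecated */` and `/*!< TLS v1.1 deprecated */` comments on `MBEDTLS_SSL_MINOR_VERSION_1` and `MBEDTLS_SSL_MINOR_VERSION_2` understate the change: check_config.h now errors on `MBEDTLS_SSL_PROTO_TLS1` and `MBEDTLS_SSL_PROTO_TLS1_1`, so these constants only survive to name wire version numbers, e.g. `/*!< TLS v1.0 (wire value only, no longer supported) */`. The context just above `mbedtls_ssl_conf_ciphersuites_for_version` still lists `MBEDTLS_SSL_MINOR_VERSION_2` as supported, which this commit makes false and should be trimmed to `MBEDTLS_SSL_MINOR_VERSION_3` in the same pass. In the `mbedtls_ssl_conf_min_version` hunk the rewritten note lost a word: `\note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2`.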
@ -1951,12 +1951,8 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
|
||||
p += 2;
|
||||
|
||||
/*
|
||||
* Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
|
||||
* even is lower than our min version.
|
||||
*/
|
||||
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
|
||||
major_ver > ssl->conf->max_major_ver ||
|
||||
minor_ver > ssl->conf->max_minor_ver )
|
||||
{
|
||||
@ -2843,8 +2839,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( len_bytes == 2 )
|
||||
{
|
||||
ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
|
||||
@ -3238,17 +3233,6 @@ start_processing:
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
||||
|
||||
/* Default hash for ECDSA is SHA-1 */
|
||||
if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
@ -3285,19 +3269,7 @@ start_processing:
|
||||
/*
|
||||
* Compute the hash that has been signed
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( md_alg == MBEDTLS_MD_NONE )
|
||||
{
|
||||
hashlen = 36;
|
||||
ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params,
|
||||
params_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
{
|
||||
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
|
||||
@ -3307,8 +3279,7 @@ start_processing:
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
@ -4113,35 +4084,6 @@ sign:
|
||||
|
||||
ssl->handshake->calc_verify( ssl, hash, &hashlen );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/*
|
||||
* digitally-signed struct {
|
||||
* opaque md5_hash[16];
|
||||
* opaque sha_hash[20];
|
||||
* };
|
||||
*
|
||||
* md5_hash
|
||||
* MD5(handshake_messages);
|
||||
*
|
||||
* sha_hash
|
||||
* SHA(handshake_messages);
|
||||
*/
|
||||
md_alg = MBEDTLS_MD_NONE;
|
||||
|
||||
/*
|
||||
* For ECDSA, default hash is SHA-1 only
|
||||
*/
|
||||
if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
|
||||
{
|
||||
hash_start += 16;
|
||||
hashlen -= 16;
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
|
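Review bot: Raising the HelloVerifyRequest lower bound to `minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||` in `ssl_parse_hello_verify_request` looks like an interoperability regression rather than a cleanup: RFC 6347 §4.2.1 says a DTLS 1.2 server SHOULD put DTLS version 1.0 in HelloVerifyRequest regardless of the version it expects to negotiate, and this code base represents that value as TLS 1.1, exactly the case the deleted comment `accept DTLS 1.0 (TLS 1.1) even is lower than our min version` was recording. With the new bound a client aborts the handshake against every server that follows that SHOULD, even though the DTLS 1.2 session that follows is unaffected by the TLS 1.1 removal. Keep `minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||` here (the constant is still defined in ssl.h) and restore the comment, clarifying that it concerns only the version field of this one message; the function continues outside the hunk.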
@ -41,8 +41,7 @@
|
||||
|
||||
/*
|
||||
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
||||
* available. Try SHA-256 first, 512 wastes resources since we need to stay
|
||||
* with max 32 bytes of cookie for DTLS 1.0
|
||||
* available. Try SHA-256 first, 512 wastes resources
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define COOKIE_MD MBEDTLS_MD_SHA224
|
||||
|
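Review bot: The rewritten comment `Try SHA-256 first, 512 wastes resources` lost its reason when the DTLS 1.0 cookie-length clause was dropped and now reads as an unfinished fragment. If the 32-byte cookie bound still applies to the remaining code (the cookie buffer is outside this hunk, so I cannot confirm it), keep a version-neutral statement of it, e.g. `Try SHA-256 first; SHA-512 would only waste resources since the cookie is at most 32 bytes.`; otherwise state what now limits the choice of `COOKIE_MD`.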
@ -68,17 +68,9 @@
|
||||
/* Determine minimum supported version */
|
||||
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
|
||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
@ -88,15 +80,6 @@
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* Shorthand for restartable ECC */
|
||||
@ -153,11 +136,9 @@
|
||||
#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
|
||||
#endif
|
||||
|
||||
/* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
|
||||
/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
|
||||
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
|
||||
#endif
|
||||
|
||||
@ -550,10 +531,6 @@ struct mbedtls_ssl_handshake_params
|
||||
/*
|
||||
* Checksum contexts
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_context fin_md5;
|
||||
mbedtls_sha1_context fin_sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -1202,21 +1179,13 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t
|
||||
return( diff );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash, size_t *hashlen,
|
||||
unsigned char *data, size_t data_len,
|
||||
mbedtls_md_type_t md_alg );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
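Review bot: `MBEDTLS_SSL_MIN_MINOR_VERSION` is moved to `MBEDTLS_SSL_MINOR_VERSION_3` while the context line below keeps `MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1`, and nothing in the hunk says why the two now differ by two versions. If the intent is that a peer offering TLS 1.0/1.1 is still recognised as a valid-but-unsupported version (presumably so it receives a version alert instead of being treated as malformed — the users of the macro are outside this hunk), a one-line comment there saying so would stop the next cleanup from "fixing" it; if not, it should follow the minimum. Separately, the surviving `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` blocks for the min and max minor version still carry the nesting of the removed `#else` chains and can be flattened to a single `#if`/`#endif` each.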
@ -519,9 +519,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
#endif
|
||||
|
||||
/* The PRNG is used for dynamic IV generation that's used
|
||||
* for CBC transformations in TLS 1.1 and TLS 1.2. */
|
||||
* for CBC transformations in TLS 1.2. */
|
||||
#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
|
||||
( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
#endif
|
||||
@ -644,8 +644,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
@ -835,12 +834,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
rec->data_len += padlen + 1;
|
||||
post_avail -= padlen + 1;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Prepend per-record IV for block cipher in TLS v1.1 and up as per
|
||||
* Prepend per-record IV for block cipher in TLS v1.2
|
||||
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
|
||||
*/
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
if( f_rng == NULL )
|
||||
{
|
||||
@ -865,7 +864,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
transform->ivlen );
|
||||
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||
"including %" MBEDTLS_PRINTF_SIZET
|
||||
@ -889,22 +888,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
{
|
||||
/*
|
||||
* Save IV in TLS1
|
||||
*/
|
||||
memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
|
||||
transform->ivlen );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
data -= transform->ivlen;
|
||||
rec->data_offset -= transform->ivlen;
|
||||
rec->data_len += transform->ivlen;
|
||||
}
|
||||
data -= transform->ivlen;
|
||||
rec->data_offset -= transform->ivlen;
|
||||
rec->data_len += transform->ivlen;
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( auth_done == 0 )
|
||||
@ -1381,8 +1367,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
/*
|
||||
* Check immediate ciphertext sanity
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* The ciphertext is prefixed with the CBC IV. */
|
||||
minlen += transform->ivlen;
|
||||
@ -1487,11 +1473,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Initialize for prepended IV for block cipher in TLS v1.1 and up
|
||||
* Initialize for prepended IV for block cipher in TLS v1.2
|
||||
*/
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
|
||||
memcpy( transform->iv_dec, data, transform->ivlen );
|
||||
@ -1500,7 +1486,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
rec->data_offset += transform->ivlen;
|
||||
rec->data_len -= transform->ivlen;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
|
||||
|
||||
@ -1519,20 +1505,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
{
|
||||
/*
|
||||
* Save IV in TLS1, where CBC decryption of consecutive
|
||||
* records is equivalent to CBC decryption of the concatenation
|
||||
* of the records; in other words, IVs are maintained across
|
||||
* record decryptions.
|
||||
*/
|
||||
memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
|
||||
transform->ivlen );
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Safe since data_len >= minlen + maclen + 1, so after having
|
||||
* subtracted at most minlen and maclen up to this point,
|
||||
* data_len > 0 (because of data_len % ivlen == 0, it's actually
|
||||
@ -1573,8 +1545,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
/* Regardless of the validity of the padding,
|
||||
* we have data_len >= padlen here. */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/* The padding check involves a series of up to 256
|
||||
* consecutive memory reads at the end of the record
|
||||
* plaintext buffer. In order to hide the length and
|
||||
@ -1609,8 +1580,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
#endif
|
||||
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* If the padding was found to be invalid, padlen == 0
|
||||
* and the subtraction is safe. If the padding was found valid,
|
||||
@ -1657,8 +1627,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||
transform->minor_ver );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* The next two sizes are the minimum and maximum values of
|
||||
* data_len over all padlen values.
|
||||
@ -1686,8 +1655,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
rec->data_len,
|
||||
min_len, max_len,
|
||||
transform->maclen );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
|
||||
@ -5058,10 +5026,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
||||
|
||||
/* For TLS 1.1 or higher, an explicit IV is added
|
||||
* after the record header. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
transform_expansion += block_size;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
break;
|
||||
|
||||
@ -5201,8 +5169,7 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
|
||||
@ -5213,8 +5180,7 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
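Review bot: The version guards left behind in `mbedtls_ssl_encrypt_buf` and `ssl_handle_hs_message_post_handshake` are now inconsistent: the MAC path keeps `if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )` and the renegotiation-alert path `if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )`, while the IV handling in the same function and in `mbedtls_ssl_decrypt_buf` and `mbedtls_ssl_get_record_expansion` was changed to `>= MBEDTLS_SSL_MINOR_VERSION_3`. TLS 1.0/1.1 transforms can no longer be negotiated, so the `_1` bounds are dead but misleading, and a transform with a lower minor_ver that did reach this code would take the MAC path yet skip the explicit-IV path. Use `MBEDTLS_SSL_MINOR_VERSION_3` in both places so every remaining `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` block states the same assumption; both functions extend beyond the hunks shown.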
@ -3199,14 +3199,6 @@ curve_matching_done:
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||
{
|
||||
/* B: Default hash SHA1 */
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
{
|
||||
/* C: MD5 + SHA1 */
|
||||
md_alg = MBEDTLS_MD_NONE;
|
||||
@ -3217,20 +3209,7 @@ curve_matching_done:
|
||||
/*
|
||||
* 2.2: Compute the hash to be signed
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( md_alg == MBEDTLS_MD_NONE )
|
||||
{
|
||||
hashlen = 36;
|
||||
ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
|
||||
dig_signed,
|
||||
dig_signed_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
{
|
||||
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
|
||||
@ -3241,8 +3220,7 @@ curve_matching_done:
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
@ -3556,8 +3534,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
/*
|
||||
* Prepare to decrypt the premaster using own private RSA key
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if ( p + 2 > end ) {
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
@ -4177,22 +4154,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
* opaque signature<0..2^16-1>;
|
||||
* } DigitallySigned;
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
md_alg = MBEDTLS_MD_NONE;
|
||||
hashlen = 36;
|
||||
|
||||
/* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
|
||||
if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) )
|
||||
{
|
||||
hash_start += 16;
|
||||
hashlen -= 16;
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
|
@ -324,122 +324,6 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static int tls1_prf( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
unsigned char *dstbuf, size_t dlen )
|
||||
{
|
||||
size_t nb, hs;
|
||||
size_t i, j, k;
|
||||
const unsigned char *S1, *S2;
|
||||
unsigned char *tmp;
|
||||
size_t tmp_len = 0;
|
||||
unsigned char h_i[20];
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
|
||||
tmp_len = 20 + strlen( label ) + rlen;
|
||||
tmp = mbedtls_calloc( 1, tmp_len );
|
||||
if( tmp == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
hs = ( slen + 1 ) / 2;
|
||||
S1 = secret;
|
||||
S2 = secret + slen - hs;
|
||||
|
||||
nb = strlen( label );
|
||||
memcpy( tmp + 20, label, nb );
|
||||
memcpy( tmp + 20 + nb, random, rlen );
|
||||
nb += rlen;
|
||||
|
||||
/*
|
||||
* First compute P_md5(secret,label+random)[0..dlen]
|
||||
*/
|
||||
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, S1, hs );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
|
||||
for( i = 0; i < dlen; i += 16 )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
|
||||
mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
|
||||
k = ( i + 16 > dlen ) ? dlen % 16 : 16;
|
||||
|
||||
for( j = 0; j < k; j++ )
|
||||
dstbuf[i + j] = h_i[j];
|
||||
}
|
||||
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
/*
|
||||
* XOR out with P_sha1(secret,label+random)[0..dlen]
|
||||
*/
|
||||
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, S2, hs );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
|
||||
for( i = 0; i < dlen; i += 20 )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
|
||||
k = ( i + 20 > dlen ) ? dlen % 20 : 20;
|
||||
|
||||
for( j = 0; j < k; j++ )
|
||||
dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
mbedtls_platform_zeroize( tmp, tmp_len );
|
||||
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
mbedtls_free( tmp );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
@ -667,15 +551,6 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||
|
||||
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
||||
static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
@ -715,13 +590,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( tls_prf == tls1_prf )
|
||||
{
|
||||
return( MBEDTLS_SSL_TLS_PRF_TLS1 );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( tls_prf == tls_prf_sha384 )
|
||||
@ -752,12 +620,6 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
||||
|
||||
switch( prf )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
case MBEDTLS_SSL_TLS_PRF_TLS1:
|
||||
tls_prf = tls1_prf;
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
case MBEDTLS_SSL_TLS_PRF_SHA384:
|
||||
@ -1023,14 +885,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||
- transform->maclen % cipher_info->block_size;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
; /* No need to adjust minlen */
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||
minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
transform->minlen += transform->ivlen;
|
||||
}
|
||||
@ -1105,9 +961,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||
goto end;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
|
||||
@ -1280,7 +1135,7 @@ end:
|
||||
}
|
||||
|
||||
/*
|
||||
* Set appropriate PRF function and other SSL / TLS 1.0/1.1 / TLS1.2 functions
|
||||
* Set appropriate PRF function and other SSL / TLS1.2 functions
|
||||
*
|
||||
* Inputs:
|
||||
* - SSL/TLS minor version
|
||||
@ -1297,15 +1152,6 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||
(void) hash;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
handshake->tls_prf = tls1_prf;
|
||||
handshake->calc_verify = ssl_calc_verify_tls;
|
||||
handshake->calc_finished = ssl_calc_finished_tls;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
|
||||
@ -1546,37 +1392,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash,
|
||||
size_t *hlen )
|
||||
{
|
||||
mbedtls_md5_context md5;
|
||||
mbedtls_sha1_context sha1;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
|
||||
|
||||
mbedtls_md5_init( &md5 );
|
||||
mbedtls_sha1_init( &sha1 );
|
||||
|
||||
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
|
||||
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
|
||||
|
||||
mbedtls_md5_finish_ret( &md5, hash );
|
||||
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
|
||||
|
||||
*hlen = 36;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
|
||||
|
||||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
return;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
|
||||
@ -2203,8 +2018,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
return( -1 );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
|
||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
|
||||
@ -2215,8 +2029,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
|
||||
return( -1 );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
@ -2651,11 +2464,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
{
|
||||
((void) ciphersuite_info);
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
@ -2676,10 +2484,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
|
||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
|
||||
mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -2703,10 +2507,6 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
||||
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -2725,15 +2525,6 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
||||
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
||||
@ -2760,65 +2551,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_calc_finished_tls(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
||||
{
|
||||
int len = 12;
|
||||
const char *sender;
|
||||
mbedtls_md5_context md5;
|
||||
mbedtls_sha1_context sha1;
|
||||
unsigned char padbuf[36];
|
||||
|
||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
||||
if( !session )
|
||||
session = ssl->session;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
|
||||
|
||||
mbedtls_md5_init( &md5 );
|
||||
mbedtls_sha1_init( &sha1 );
|
||||
|
||||
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
|
||||
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
|
||||
|
||||
/*
|
||||
* TLSv1:
|
||||
* hash = PRF( master, finished_label,
|
||||
* MD5( handshake ) + SHA1( handshake ) )[0..11]
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
|
||||
md5.state, sizeof( md5.state ) );
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
|
||||
sha1.state, sizeof( sha1.state ) );
|
||||
#endif
|
||||
|
||||
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
|
||||
? "client finished"
|
||||
: "server finished";
|
||||
|
||||
mbedtls_md5_finish_ret( &md5, padbuf );
|
||||
mbedtls_sha1_finish_ret( &sha1, padbuf + 16 );
|
||||
|
||||
ssl->handshake->tls_prf( session->master, 48, sender,
|
||||
padbuf, 36, buf, len );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
|
||||
|
||||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static void ssl_calc_finished_tls_sha256(
|
||||
@ -3249,12 +2981,6 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||
{
|
||||
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_init( &handshake->fin_md5 );
|
||||
mbedtls_sha1_init( &handshake->fin_sha1 );
|
||||
mbedtls_md5_starts_ret( &handshake->fin_md5 );
|
||||
mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -5583,10 +5309,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_free( &handshake->fin_md5 );
|
||||
mbedtls_sha1_free( &handshake->fin_sha1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -6985,17 +6707,6 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||
|
||||
switch( md )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
case MBEDTLS_SSL_HASH_MD5:
|
||||
return( -1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
case MBEDTLS_SSL_HASH_SHA1:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls;
|
||||
break;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
case MBEDTLS_SSL_HASH_SHA384:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||
@ -7019,92 +6730,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len )
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_md5_context mbedtls_md5;
|
||||
mbedtls_sha1_context mbedtls_sha1;
|
||||
|
||||
mbedtls_md5_init( &mbedtls_md5 );
|
||||
mbedtls_sha1_init( &mbedtls_sha1 );
|
||||
|
||||
/*
|
||||
* digitally-signed struct {
|
||||
* opaque md5_hash[16];
|
||||
* opaque sha_hash[20];
|
||||
* };
|
||||
*
|
||||
* md5_hash
|
||||
* MD5(ClientHello.random + ServerHello.random
|
||||
* + ServerParams);
|
||||
* sha_hash
|
||||
* SHA(ClientHello.random + ServerHello.random
|
||||
* + ServerParams);
|
||||
*/
|
||||
if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5,
|
||||
ssl->handshake->randbytes, 64 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1,
|
||||
ssl->handshake->randbytes, 64 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data,
|
||||
data_len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1,
|
||||
output + 16 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_md5_free( &mbedtls_md5 );
|
||||
mbedtls_sha1_free( &mbedtls_sha1 );
|
||||
|
||||
if( ret != 0 )
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||
|
||||
return( ret );
|
||||
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
@ -7227,7 +6853,6 @@ exit:
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
@ -422,7 +422,7 @@ int main( void )
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||
" options: tls1_2, dtls1_2\n" \
|
||||
"\n" \
|
||||
" force_ciphersuite=<name> default: all enabled\n"\
|
||||
" query_config=<name> return 0 if the specified\n" \
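Review bot: The usage line kept as context just above the changed one, `" min_version=%%s default: (library default: tls1)\n"`, is now stale: with the TLS 1.0/1.1 branches removed from the `min_version` parser later in this file, the library floor can no longer be tls1. Update it to `" min_version=%%s default: (library default: tls1_2)\n"`; the identical line in the ssl_server2.c usage block further down this page needs the same fix.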
|
||||
@ -1098,12 +1098,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
@ -1111,12 +1106,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "max_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
@ -1133,27 +1123,11 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "force_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
}
|
||||
else if( strcmp( q, "tls1_1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
}
|
||||
else if( strcmp( q, "tls1_2" ) == 0 )
|
||||
if( strcmp( q, "tls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
}
|
||||
else if( strcmp( q, "dtls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
}
|
||||
else if( strcmp( q, "dtls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
@ -1375,10 +1349,10 @@ int main( int argc, char *argv[] )
|
||||
if( opt.min_version < ciphersuite_info->min_minor_ver )
|
||||
{
|
||||
opt.min_version = ciphersuite_info->min_minor_ver;
|
||||
/* DTLS starts with TLS 1.1 */
|
||||
/* for DTLS 1.2 */
|
||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -503,7 +503,7 @@ int main( void )
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||
" options: tls1, dtls1_2\n" \
|
||||
"\n" \
|
||||
" version_suites=a,b,c per-version ciphersuites\n" \
|
||||
" in order from tls1 to tls1_2\n" \
|
||||
@ -1726,12 +1726,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
@ -1739,12 +1734,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "max_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
@ -1761,27 +1751,11 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "force_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
}
|
||||
else if( strcmp( q, "tls1_1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
}
|
||||
else if( strcmp( q, "tls1_2" ) == 0 )
|
||||
if( strcmp( q, "tls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
}
|
||||
else if( strcmp( q, "dtls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
}
|
||||
else if( strcmp( q, "dtls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
|
@ -67,7 +67,7 @@ else
|
||||
fi
|
||||
|
||||
# default values for options
|
||||
MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
|
||||
MODES="tls1_2 dtls1_2"
|
||||
VERIFIES="NO YES"
|
||||
TYPES="ECDSA RSA PSK"
|
||||
FILTER=""
|
||||
@ -162,12 +162,6 @@ is_dtls()
|
||||
minor_ver()
|
||||
{
|
||||
case "$1" in
|
||||
tls1)
|
||||
echo 1
|
||||
;;
|
||||
tls1_1|dtls1)
|
||||
echo 2
|
||||
;;
|
||||
tls1_2|dtls1_2)
|
||||
echo 3
|
||||
;;
|
||||
@ -841,19 +835,9 @@ setup_arguments()
|
||||
{
|
||||
G_MODE=""
|
||||
case "$MODE" in
|
||||
"tls1")
|
||||
G_PRIO_MODE="+VERS-TLS1.0"
|
||||
;;
|
||||
"tls1_1")
|
||||
G_PRIO_MODE="+VERS-TLS1.1"
|
||||
;;
|
||||
"tls1_2")
|
||||
G_PRIO_MODE="+VERS-TLS1.2"
|
||||
;;
|
||||
"dtls1")
|
||||
G_PRIO_MODE="+VERS-DTLS1.0"
|
||||
G_MODE="-u"
|
||||
;;
|
||||
"dtls1_2")
|
||||
G_PRIO_MODE="+VERS-DTLS1.2"
|
||||
G_MODE="-u"
|
||||
|
@ -115,7 +115,7 @@ echo
|
||||
echo '################ compat.sh ################'
|
||||
{
|
||||
echo '#### compat.sh: Default versions'
|
||||
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
||||
sh compat.sh -m 'tls1_2 dtls1_2'
|
||||
echo
|
||||
|
||||
echo '#### compat.sh: legacy (null, DES, RC4)'
|
||||
|
@ -31,9 +31,6 @@ my %configs = (
|
||||
'config-ccm-psk-tls1_2.h' => {
|
||||
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
|
||||
},
|
||||
'config-mini-tls1_1.h' => {
|
||||
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #'
|
||||
},
|
||||
'config-no-entropy.h' => {
|
||||
},
|
||||
'config-suite-b.h' => {
|
||||
|
719
tests/ssl-opt.sh
719
tests/ssl-opt.sh
@ -1402,22 +1402,6 @@ run_test "Context-specific CRT verification callback" \
|
||||
-C "Use configuration-specific verification callback" \
|
||||
-C "error"
|
||||
|
||||
# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
|
||||
"$G_SRV"\
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0
|
||||
|
||||
requires_gnutls
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
|
||||
run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
|
||||
"$G_SRV"\
|
||||
"$P_CLI force_version=tls1" \
|
||||
0
|
||||
|
||||
# Tests for SHA-1 support
|
||||
run_test "SHA-1 forbidden by default in server certificate" \
|
||||
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||
@ -2460,33 +2444,6 @@ run_test "Extended Master Secret: client disabled, server enabled" \
|
||||
|
||||
# Tests for FALLBACK_SCSV
|
||||
|
||||
run_test "Fallback SCSV: default" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$P_CLI debug_level=3 force_version=tls1_1" \
|
||||
0 \
|
||||
-C "adding FALLBACK_SCSV" \
|
||||
-S "received FALLBACK_SCSV" \
|
||||
-S "inapropriate fallback" \
|
||||
-C "is a fatal alert message (msg 86)"
|
||||
|
||||
run_test "Fallback SCSV: explicitly disabled" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
|
||||
0 \
|
||||
-C "adding FALLBACK_SCSV" \
|
||||
-S "received FALLBACK_SCSV" \
|
||||
-S "inapropriate fallback" \
|
||||
-C "is a fatal alert message (msg 86)"
|
||||
|
||||
run_test "Fallback SCSV: enabled" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
|
||||
1 \
|
||||
-c "adding FALLBACK_SCSV" \
|
||||
-s "received FALLBACK_SCSV" \
|
||||
-s "inapropriate fallback" \
|
||||
-c "is a fatal alert message (msg 86)"
|
||||
|
||||
run_test "Fallback SCSV: enabled, max version" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$P_CLI debug_level=3 fallback=1" \
|
||||
@ -2496,38 +2453,6 @@ run_test "Fallback SCSV: enabled, max version" \
|
||||
-S "inapropriate fallback" \
|
||||
-C "is a fatal alert message (msg 86)"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: default, openssl server" \
|
||||
"$O_SRV" \
|
||||
"$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
|
||||
0 \
|
||||
-C "adding FALLBACK_SCSV" \
|
||||
-C "is a fatal alert message (msg 86)"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: enabled, openssl server" \
|
||||
"$O_SRV" \
|
||||
"$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
|
||||
1 \
|
||||
-c "adding FALLBACK_SCSV" \
|
||||
-c "is a fatal alert message (msg 86)"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: disabled, openssl client" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$O_CLI -tls1_1" \
|
||||
0 \
|
||||
-S "received FALLBACK_SCSV" \
|
||||
-S "inapropriate fallback"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: enabled, openssl client" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$O_CLI -tls1_1 -fallback_scsv" \
|
||||
1 \
|
||||
-s "received FALLBACK_SCSV" \
|
||||
-s "inapropriate fallback"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: enabled, max version, openssl client" \
|
||||
"$P_SRV debug_level=2" \
|
||||
@ -2568,37 +2493,6 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
|
||||
-s "dumping 'input payload after decrypt' (0 bytes)" \
|
||||
-c "0 bytes written in 1 fragments"
|
||||
|
||||
## ClientHello generated with
|
||||
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
|
||||
## then manually twiddling the ciphersuite list.
|
||||
## The ClientHello content is spelled out below as a hex string as
|
||||
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
|
||||
## The expected response is an inappropriate_fallback alert.
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: beginning of list" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
|
||||
0 \
|
||||
-s "received FALLBACK_SCSV" \
|
||||
-s "inapropriate fallback"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: end of list" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
|
||||
0 \
|
||||
-s "received FALLBACK_SCSV" \
|
||||
-s "inapropriate fallback"
|
||||
|
||||
## Here the expected response is a valid ServerHello prefix, up to the random.
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: not in list" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
|
||||
0 \
|
||||
-S "received FALLBACK_SCSV" \
|
||||
-S "inapropriate fallback"
|
||||
|
||||
# Tests for CBC 1/n-1 record splitting
|
||||
|
||||
run_test "CBC Record splitting: TLS 1.2, no splitting" \
|
||||
@ -2610,42 +2504,6 @@ run_test "CBC Record splitting: TLS 1.2, no splitting" \
|
||||
-S "Read from client: 1 bytes read" \
|
||||
-S "122 bytes read"
|
||||
|
||||
run_test "CBC Record splitting: TLS 1.1, no splitting" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
request_size=123 force_version=tls1_1" \
|
||||
0 \
|
||||
-s "Read from client: 123 bytes read" \
|
||||
-S "Read from client: 1 bytes read" \
|
||||
-S "122 bytes read"
|
||||
|
||||
run_test "CBC Record splitting: TLS 1.0, splitting" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
request_size=123 force_version=tls1" \
|
||||
0 \
|
||||
-S "Read from client: 123 bytes read" \
|
||||
-s "Read from client: 1 bytes read" \
|
||||
-s "122 bytes read"
|
||||
|
||||
run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
request_size=123 force_version=tls1 recsplit=0" \
|
||||
0 \
|
||||
-s "Read from client: 123 bytes read" \
|
||||
-S "Read from client: 1 bytes read" \
|
||||
-S "122 bytes read"
|
||||
|
||||
run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
|
||||
"$P_SRV nbio=2" \
|
||||
"$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
request_size=123 force_version=tls1" \
|
||||
0 \
|
||||
-S "Read from client: 123 bytes read" \
|
||||
-s "Read from client: 1 bytes read" \
|
||||
-s "122 bytes read"
|
||||
|
||||
# Tests for Session Tickets
|
||||
|
||||
run_test "Session resume using tickets: basic" \
|
||||
@ -4464,52 +4322,6 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
|
||||
-c "signed using.*ECDSA with SHA256" \
|
||||
-C "signed using.*ECDSA with SHA1"
|
||||
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server5-sha1.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-C "signed using.*ECDSA with SHA256" \
|
||||
-c "signed using.*ECDSA with SHA1"
|
||||
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server5-sha1.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1" \
|
||||
0 \
|
||||
-C "signed using.*ECDSA with SHA256" \
|
||||
-c "signed using.*ECDSA with SHA1"
|
||||
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server6.crt \
|
||||
key_file2=data_files/server6.key" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-c "serial number.*09" \
|
||||
-c "signed using.*ECDSA with SHA256" \
|
||||
-C "signed using.*ECDSA with SHA1"
|
||||
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
|
||||
"$P_SRV crt_file=data_files/server6.crt \
|
||||
key_file=data_files/server6.key \
|
||||
crt_file2=data_files/server5.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-c "serial number.*0A" \
|
||||
-c "signed using.*ECDSA with SHA256" \
|
||||
-C "signed using.*ECDSA with SHA1"
|
||||
|
||||
# tests for SNI
|
||||
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
@ -4970,67 +4782,6 @@ run_test "Version check: all -> 1.2" \
|
||||
-s "Protocol is TLSv1.2" \
|
||||
-c "Protocol is TLSv1.2"
|
||||
|
||||
run_test "Version check: cli max 1.1 -> 1.1" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI max_version=tls1_1" \
|
||||
0 \
|
||||
-S "mbedtls_ssl_handshake returned" \
|
||||
-C "mbedtls_ssl_handshake returned" \
|
||||
-s "Protocol is TLSv1.1" \
|
||||
-c "Protocol is TLSv1.1"
|
||||
|
||||
run_test "Version check: srv max 1.1 -> 1.1" \
|
||||
"$P_SRV max_version=tls1_1" \
|
||||
"$P_CLI" \
|
||||
0 \
|
||||
-S "mbedtls_ssl_handshake returned" \
|
||||
-C "mbedtls_ssl_handshake returned" \
|
||||
-s "Protocol is TLSv1.1" \
|
||||
-c "Protocol is TLSv1.1"
|
||||
|
||||
run_test "Version check: cli+srv max 1.1 -> 1.1" \
|
||||
"$P_SRV max_version=tls1_1" \
|
||||
"$P_CLI max_version=tls1_1" \
|
||||
0 \
|
||||
-S "mbedtls_ssl_handshake returned" \
|
||||
-C "mbedtls_ssl_handshake returned" \
|
||||
-s "Protocol is TLSv1.1" \
|
||||
-c "Protocol is TLSv1.1"
|
||||
|
||||
run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
|
||||
"$P_SRV min_version=tls1_1" \
|
||||
"$P_CLI max_version=tls1_1" \
|
||||
0 \
|
||||
-S "mbedtls_ssl_handshake returned" \
|
||||
-C "mbedtls_ssl_handshake returned" \
|
||||
-s "Protocol is TLSv1.1" \
|
||||
-c "Protocol is TLSv1.1"
|
||||
|
||||
run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
|
||||
"$P_SRV max_version=tls1_1" \
|
||||
"$P_CLI min_version=tls1_1" \
|
||||
0 \
|
||||
-S "mbedtls_ssl_handshake returned" \
|
||||
-C "mbedtls_ssl_handshake returned" \
|
||||
-s "Protocol is TLSv1.1" \
|
||||
-c "Protocol is TLSv1.1"
|
||||
|
||||
run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
|
||||
"$P_SRV max_version=tls1_1" \
|
||||
"$P_CLI min_version=tls1_2" \
|
||||
1 \
|
||||
-s "mbedtls_ssl_handshake returned" \
|
||||
-c "mbedtls_ssl_handshake returned" \
|
||||
-c "SSL - Handshake protocol not within min/max boundaries"
|
||||
|
||||
run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
|
||||
"$P_SRV min_version=tls1_2" \
|
||||
"$P_CLI max_version=tls1_1" \
|
||||
1 \
|
||||
-s "mbedtls_ssl_handshake returned" \
|
||||
-c "mbedtls_ssl_handshake returned" \
|
||||
-s "SSL - Handshake protocol not within min/max boundaries"
|
||||
|
||||
# Tests for ALPN extension
|
||||
|
||||
run_test "ALPN: none" \
|
||||
@ -5884,24 +5635,6 @@ run_test "ECJPAKE: working, DTLS, nolog" \
|
||||
|
||||
# Tests for ciphersuites per version
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
|
||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
run_test "Per-version suites: TLS 1.0" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
run_test "Per-version suites: TLS 1.1" \
|
||||
"$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_CAMELLIA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
@ -5936,66 +5669,6 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \
|
||||
|
||||
# Tests for small client packets
|
||||
|
||||
run_test "Small client packet TLS 1.0 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small client packet TLS 1.1 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=1 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
run_test "Small client packet TLS 1.2 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=1 force_version=tls1_2 \
|
||||
@ -6049,40 +5722,6 @@ run_test "Small client packet TLS 1.2 AEAD shorter tag" \
|
||||
|
||||
# Tests for small client packets in DTLS
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
run_test "Small client packet DTLS 1.0" \
|
||||
"$P_SRV dtls=1 force_version=dtls1" \
|
||||
"$P_CLI dtls=1 request_size=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
run_test "Small client packet DTLS 1.0, without EtM" \
|
||||
"$P_SRV dtls=1 force_version=dtls1 etm=0" \
|
||||
"$P_CLI dtls=1 request_size=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small client packet DTLS 1.0, truncated hmac" \
|
||||
"$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
|
||||
"$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
|
||||
"$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
|
||||
"$P_CLI dtls=1 request_size=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
|
||||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
run_test "Small client packet DTLS 1.2" \
|
||||
"$P_SRV dtls=1 force_version=dtls1_2" \
|
||||
@ -6119,66 +5758,6 @@ run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
|
||||
|
||||
# Tests for small server packets
|
||||
|
||||
run_test "Small server packet TLS 1.0 BlockCipher" \
|
||||
"$P_SRV response_size=1" \
|
||||
"$P_CLI force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \
|
||||
"$P_SRV response_size=1" \
|
||||
"$P_CLI force_version=tls1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
|
||||
"$P_SRV response_size=1 trunc_hmac=1" \
|
||||
"$P_CLI force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV response_size=1 trunc_hmac=1" \
|
||||
"$P_CLI force_version=tls1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
run_test "Small server packet TLS 1.1 BlockCipher" \
|
||||
"$P_SRV response_size=1" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \
|
||||
"$P_SRV response_size=1" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
|
||||
"$P_SRV response_size=1 trunc_hmac=1" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV response_size=1 trunc_hmac=1" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
run_test "Small server packet TLS 1.2 BlockCipher" \
|
||||
"$P_SRV response_size=1" \
|
||||
"$P_CLI force_version=tls1_2 \
|
||||
@ -6232,40 +5811,6 @@ run_test "Small server packet TLS 1.2 AEAD shorter tag" \
|
||||
|
||||
# Tests for small server packets in DTLS
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
run_test "Small server packet DTLS 1.0" \
|
||||
"$P_SRV dtls=1 response_size=1 force_version=dtls1" \
|
||||
"$P_CLI dtls=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
run_test "Small server packet DTLS 1.0, without EtM" \
|
||||
"$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
|
||||
"$P_CLI dtls=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small server packet DTLS 1.0, truncated hmac" \
|
||||
"$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
|
||||
"$P_CLI dtls=1 trunc_hmac=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
|
||||
"$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
|
||||
"$P_CLI dtls=1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
run_test "Small server packet DTLS 1.2" \
|
||||
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
|
||||
@ -6307,69 +5852,6 @@ fragments_for_write() {
|
||||
echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
|
||||
}
|
||||
|
||||
run_test "Large client packet TLS 1.0 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large client packet TLS 1.1 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
|
||||
0 \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV trunc_hmac=1" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
run_test "Large client packet TLS 1.2 BlockCipher" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI request_size=16384 force_version=tls1_2 \
|
||||
@ -6426,69 +5908,6 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
|
||||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
# Checking next 3 tests logs for 1n-1 split against BEAST too
|
||||
run_test "Large server packet TLS 1.0 BlockCipher" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"\
|
||||
-c "16383 bytes read"\
|
||||
-C "Read from server: 16384 bytes read"
|
||||
|
||||
run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1 etm=0 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"\
|
||||
-c "16383 bytes read"\
|
||||
-C "Read from server: 16384 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1 recsplit=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||
trunc_hmac=1" \
|
||||
0 \
|
||||
-c "Read from server: 1 bytes read"\
|
||||
-c "16383 bytes read"\
|
||||
-C "Read from server: 16384 bytes read"
|
||||
|
||||
run_test "Large server packet TLS 1.1 BlockCipher" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-c "Read from server: 16384 bytes read"
|
||||
|
||||
run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1_1 etm=0 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
|
||||
0 \
|
||||
-s "16384 bytes written in 1 fragments" \
|
||||
-c "Read from server: 16384 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
|
||||
trunc_hmac=1" \
|
||||
0 \
|
||||
-c "Read from server: 16384 bytes read"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
|
||||
"$P_SRV response_size=16384 trunc_hmac=1" \
|
||||
"$P_CLI force_version=tls1_1 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
|
||||
0 \
|
||||
-s "16384 bytes written in 1 fragments" \
|
||||
-c "Read from server: 16384 bytes read"
|
||||
|
||||
run_test "Large server packet TLS 1.2 BlockCipher" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1_2 \
|
||||
@ -6710,18 +6129,6 @@ run_test "SSL async private: sign, delay=2" \
|
||||
-s "Async resume (slot [0-9]): call 0 more times." \
|
||||
-s "Async resume (slot [0-9]): sign done, status=0"
|
||||
|
||||
# Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1
|
||||
# with RSA PKCS#1v1.5 as used in TLS 1.0/1.1.
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
run_test "SSL async private: sign, RSA, TLS 1.1" \
|
||||
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
|
||||
async_operations=s async_private_delay1=0 async_private_delay2=0" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-s "Async sign callback: using key slot " \
|
||||
-s "Async resume (slot [0-9]): sign done, status=0"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "SSL async private: sign, SNI" \
|
||||
@ -7999,21 +7406,6 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
requires_gnutls
|
||||
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
|
||||
"$G_SRV -u" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
mtu=512 force_version=dtls1" \
|
||||
0 \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
# We use --insecure for the GnuTLS client because it expects
|
||||
# the hostname / IP it connects to to be the name used in the
|
||||
# certificate obtained from the server. Here, however, it
|
||||
@ -8036,22 +7428,6 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
# See previous test for the reason to use --insecure
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
requires_gnutls
|
||||
requires_not_i686
|
||||
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
mtu=512 force_version=dtls1" \
|
||||
"$G_CLI -u --insecure 127.0.0.1" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
@ -8066,20 +7442,6 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
|
||||
"$O_SRV -dtls1 -verify 10" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
mtu=512 force_version=dtls1" \
|
||||
0 \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
@ -8093,19 +7455,6 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
mtu=512 force_version=dtls1" \
|
||||
"$O_CLI -dtls1" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
# interop tests for DTLS fragmentating with unreliable connection
|
||||
#
|
||||
# again we just want to test that the we fragment in a way that
|
||||
@ -8127,23 +7476,6 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_gnutls_next
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$G_NEXT_SRV -u" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||
0 \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
requires_gnutls_next
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
@ -8160,22 +7492,6 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
requires_gnutls_next
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
## Interop test with OpenSSL might trigger a bug in recent versions (including
|
||||
## all versions installed on the CI machines), reported here:
|
||||
## Bug report: https://github.com/openssl/openssl/issues/6902
|
||||
@ -8198,23 +7514,6 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$O_SRV -dtls1 -verify 10" \
|
||||
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server8_int-ca2.crt \
|
||||
key_file=data_files/server8.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||
0 \
|
||||
-c "fragmenting handshake message" \
|
||||
-C "error"
|
||||
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
@ -8231,24 +7530,6 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
# -nbio is added to prevent s_client from blocking in case of duplicated
|
||||
# messages at the end of the handshake
|
||||
skip_next_test
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||
client_needs_more_time 4
|
||||
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
key_file=data_files/server7.key \
|
||||
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||
"$O_CLI -nbio -dtls1" \
|
||||
0 \
|
||||
-s "fragmenting handshake message"
|
||||
|
||||
# Tests for DTLS-SRTP (RFC 5764)
|
||||
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
|
||||
run_test "DTLS-SRTP all profiles supported" \
|
||||
|