Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
7aa6fc1992
commit
6f135e1148
@ -598,11 +598,11 @@
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
( ( !defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_SHA256_C) && \
|
||||
!defined(MBEDTLS_SHA512_C) ) \
|
||||
|| ( !defined(MBEDTLS_PSA_CRYPTO_C) ) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
|
||||
@ -1487,23 +1487,19 @@
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_2
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_3
|
||||
*
|
||||
* This macro is used to selectively enable experimental parts
|
||||
* of the code that contribute to the ongoing development of
|
||||
* the prototype TLS 1.3 and DTLS 1.3 implementation, and provide
|
||||
* no other purpose.
|
||||
* Enable support for TLS 1.3.
|
||||
*
|
||||
* \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS,
|
||||
* and no feature exposed through this macro is part of the
|
||||
* public API. In particular, features under the control
|
||||
* of this macro are experimental and don't come with any
|
||||
* stability guarantees.
|
||||
* \note The support for TLS 1.3 is not comprehensive yet, in particular
|
||||
* pre-shared keys are not supported.
|
||||
* See docs/architecture/tls13-support.md for a description of the TLS
|
||||
* 1.3 support that this option enables.
|
||||
*
|
||||
* Uncomment this macro to enable the support for TLS 1.3.
|
||||
*
|
||||
* Uncomment this macro to enable experimental and partial
|
||||
* functionality specific to TLS 1.3.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
//#define MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
@ -1521,8 +1517,8 @@
|
||||
* recommended to set this option.
|
||||
*
|
||||
* Comment to disable compatibility mode for TLS 1.3. If
|
||||
* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL is not enabled, this option does not
|
||||
* have any effect on the build.
|
||||
* MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
|
||||
* effect on the build.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
|
||||
@ -250,7 +250,7 @@
|
||||
*/
|
||||
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
|
||||
|
||||
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
|
||||
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
|
||||
@ -638,13 +638,13 @@ typedef enum
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER,
|
||||
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
|
||||
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
|
||||
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
|
||||
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
}
|
||||
mbedtls_ssl_states;
|
||||
|
||||
@ -1154,7 +1154,7 @@ struct mbedtls_ssl_session
|
||||
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
|
||||
#endif
|
||||
};
|
||||
@ -1175,14 +1175,14 @@ mbedtls_tls_prf_types;
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
} mbedtls_ssl_key_export_type;
|
||||
|
||||
/**
|
||||
@ -1277,10 +1277,10 @@ struct mbedtls_ssl_config
|
||||
/** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
|
||||
const int *MBEDTLS_PRIVATE(ciphersuite_list);
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/** Allowed TLS 1.3 key exchange modes. */
|
||||
int MBEDTLS_PRIVATE(tls13_kex_modes);
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/** Callback for printing debug output */
|
||||
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
|
||||
@ -1361,9 +1361,9 @@ struct mbedtls_ssl_config
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
@ -1511,11 +1511,11 @@ struct mbedtls_ssl_context
|
||||
* This pointer owns the transform
|
||||
* it references. */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/*! The application data transform in TLS 1.3.
|
||||
* This pointer owns the transform it references. */
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/*
|
||||
* Timers
|
||||
@ -2753,7 +2753,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
|
||||
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/**
|
||||
* \brief Set the supported key exchange modes for TLS 1.3 connections.
|
||||
*
|
||||
@ -2798,7 +2798,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
||||
|
||||
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf,
|
||||
const int kex_modes );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
|
||||
@ -3299,7 +3299,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
|
||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/**
|
||||
* \brief Configure allowed signature algorithms for use in TLS 1.3
|
||||
*
|
||||
@ -3311,7 +3311,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
*/
|
||||
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||
const uint16_t* sig_algs );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
||||
@ -728,7 +728,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
|
||||
size_t *out_len, int point_format,
|
||||
@ -861,6 +861,6 @@ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
/*
|
||||
* Setup context without Everest
|
||||
@ -50,7 +50,7 @@ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t buf_len );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#include "mps_reader.h"
|
||||
#include "mps_common.h"
|
||||
@ -561,4 +561,4 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
|
||||
MBEDTLS_MPS_TRACE_RETURN( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#include "mps_common.h"
|
||||
|
||||
@ -124,4 +124,4 @@ void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty )
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_MPS_ENABLE_TRACE */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
@ -52,14 +52,14 @@ static const int ciphersuite_preference[] =
|
||||
#if defined(MBEDTLS_SSL_CIPHERSUITES)
|
||||
MBEDTLS_SSL_CIPHERSUITES,
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/* TLS 1.3 ciphersuites */
|
||||
MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
|
||||
MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* Chacha-Poly ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
@ -292,7 +292,7 @@ static const int ciphersuite_preference[] =
|
||||
|
||||
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
@ -336,7 +336,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
|
||||
0 },
|
||||
#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) && \
|
||||
defined(MBEDTLS_SHA256_C) && \
|
||||
|
||||
@ -581,9 +581,9 @@ struct mbedtls_ssl_handshake_params
|
||||
/*
|
||||
* Handshake specific crypto variables
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
@ -715,12 +715,12 @@ struct mbedtls_ssl_handshake_params
|
||||
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages.
|
||||
* Those pointers own the transforms they reference. */
|
||||
mbedtls_ssl_transform *transform_handshake;
|
||||
mbedtls_ssl_transform *transform_earlydata;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/*
|
||||
* Checksum contexts
|
||||
@ -742,7 +742,7 @@ struct mbedtls_ssl_handshake_params
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
uint16_t offered_group_id; /* The NamedGroup value for the group
|
||||
* that is being used for ephemeral
|
||||
* key exchange.
|
||||
@ -750,7 +750,7 @@ struct mbedtls_ssl_handshake_params
|
||||
* On the client: Defaults to the first
|
||||
* entry in the client's group list,
|
||||
* but can be overwritten by the HRR. */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/*
|
||||
* State-local variables used during the processing
|
||||
@ -790,7 +790,7 @@ struct mbedtls_ssl_handshake_params
|
||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||
/*!< premaster secret */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
int extensions_present; /*!< extension presence; Each bitfield
|
||||
represents an extension and defined
|
||||
as \c MBEDTLS_SSL_EXT_XXX */
|
||||
@ -803,7 +803,7 @@ struct mbedtls_ssl_handshake_params
|
||||
} tls13_master_secrets;
|
||||
|
||||
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
/** Asynchronous operation context. This field is meant for use by the
|
||||
@ -1477,7 +1477,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
|
||||
* ssl utils functions for checking configuration.
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
|
||||
{
|
||||
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||
@ -1489,7 +1489,7 @@ static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
|
||||
@ -1505,7 +1505,7 @@ static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
|
||||
{
|
||||
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||
@ -1517,9 +1517,9 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
|
||||
@ -1711,7 +1711,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* Get handshake transcript */
|
||||
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||
|
||||
@ -293,8 +293,7 @@ static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||
* Encryption/decryption functions
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
static size_t ssl_compute_padding_length( size_t len,
|
||||
size_t granularity )
|
||||
@ -376,8 +375,7 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID ||
|
||||
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
|
||||
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
|
||||
@ -422,7 +420,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
unsigned char *cur = add_data;
|
||||
size_t ad_len_field = rec->data_len;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
|
||||
@ -431,7 +429,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
ad_len_field += taglen;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
{
|
||||
((void) minor_ver);
|
||||
((void) taglen);
|
||||
@ -593,7 +591,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
* since they apply to different versions of the protocol. There
|
||||
* is hence no risk of double-addition of the inner plaintext.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
size_t padding =
|
||||
@ -610,7 +608,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
|
||||
rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
/*
|
||||
@ -1459,7 +1457,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
/* Remove inner padding and infer true content type. */
|
||||
@ -1469,7 +1467,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
if( rec->cid_len != 0 )
|
||||
@ -2325,12 +2323,12 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||
/* Skip writing the record content type to after the encryption,
|
||||
* as it may change when using the CID extension. */
|
||||
int minor_ver = ssl->minor_ver;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/* TLS 1.3 still uses the TLS 1.2 version identifier
|
||||
* for backwards compatibility. */
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
mbedtls_ssl_write_version( ssl->major_ver, minor_ver,
|
||||
ssl->conf->transport, ssl->out_hdr + 1 );
|
||||
|
||||
@ -3340,14 +3338,14 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
||||
* as unencrypted. The only thing we do with them is
|
||||
* check the length and content and ignore them.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( ssl->transform_in != NULL &&
|
||||
ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
|
||||
done = 1;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
if( !done && ssl->transform_in != NULL )
|
||||
{
|
||||
@ -4400,7 +4398,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
|
||||
@ -4413,7 +4411,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
}
|
||||
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
|
||||
|
||||
@ -720,14 +720,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
||||
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
|
||||
* generation separate. This should never happen. */
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/*
|
||||
* Get various info structures
|
||||
@ -3166,7 +3166,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
|
||||
|
||||
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
|
||||
{
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
@ -3187,7 +3187,7 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
|
||||
@ -3574,13 +3574,13 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
|
||||
conf->ciphersuite_list = ciphersuites;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
|
||||
const int kex_modes )
|
||||
{
|
||||
conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
|
||||
@ -3968,14 +3968,14 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
conf->sig_hashes = hashes;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/* Configure allowed signature algorithms for use in TLS 1.3 */
|
||||
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||
const uint16_t* sig_algs )
|
||||
{
|
||||
conf->tls13_sig_algs = sig_algs;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
@ -5219,10 +5219,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
|
||||
ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
|
||||
@ -5233,10 +5233,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
|
||||
ret = mbedtls_ssl_tls13_handshake_server_step( ssl );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
|
||||
@ -5556,12 +5556,12 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||
psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_transform_free( handshake->transform_handshake );
|
||||
mbedtls_ssl_transform_free( handshake->transform_earlydata );
|
||||
mbedtls_free( handshake->transform_earlydata );
|
||||
mbedtls_free( handshake->transform_handshake );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
@ -6257,10 +6257,10 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||
mbedtls_free( ssl->session_negotiate );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_transform_free( ssl->transform_application );
|
||||
mbedtls_free( ssl->transform_application );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
if( ssl->session )
|
||||
{
|
||||
@ -6361,7 +6361,7 @@ static int ssl_preset_suiteb_hashes[] = {
|
||||
MBEDTLS_MD_NONE
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
static uint16_t ssl_preset_default_sig_algs[] = {
|
||||
/* ECDSA algorithms */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
@ -6404,7 +6404,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
||||
|
||||
MBEDTLS_TLS1_3_SIG_NONE
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif
|
||||
|
||||
static uint16_t ssl_preset_suiteb_groups[] = {
|
||||
@ -6495,12 +6495,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/*
|
||||
* Allow all TLS 1.3 key exchange modes by default.
|
||||
*/
|
||||
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/*
|
||||
* Preset-specific defaults
|
||||
@ -6524,9 +6524,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
@ -6562,9 +6562,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
conf->sig_hashes = ssl_preset_default_hashes;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
conf->tls13_sig_algs = ssl_preset_default_sig_algs;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
|
||||
@ -1790,4 +1790,4 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#include <string.h>
|
||||
|
||||
@ -1196,6 +1196,6 @@ cleanup:
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
@ -1248,4 +1248,4 @@ int mbedtls_ssl_tls13_generate_application_keys(
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
@ -40,4 +40,4 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
@ -268,7 +268,7 @@ int main( void )
|
||||
#define USAGE_CURVES ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#define USAGE_SIG_ALGS \
|
||||
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
||||
@ -343,13 +343,13 @@ int main( void )
|
||||
#define USAGE_SERIALIZATION ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
|
||||
" tls13_kex_modes=%%s default: all\n" \
|
||||
" options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
|
||||
#else
|
||||
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* USAGE is arbitrarily split to stay under the portable string literal
|
||||
* length limit: 4095 bytes in C99. */
|
||||
@ -413,11 +413,11 @@ int main( void )
|
||||
USAGE_DHMLEN \
|
||||
"\n"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#define TLS1_3_VERSION_OPTIONS ", tls13"
|
||||
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#else /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#define TLS1_3_VERSION_OPTIONS ""
|
||||
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#define USAGE4 \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
@ -471,9 +471,9 @@ struct options
|
||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||
int ec_max_ops; /* EC consecutive operations limit */
|
||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
int renegotiation; /* enable / disable renegotiation */
|
||||
int allow_legacy; /* allow legacy renegotiation */
|
||||
int renegotiate; /* attempt renegotiation? */
|
||||
@ -653,11 +653,10 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_net_context server_fd;
|
||||
io_ctx_t io_ctx;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
||||
|
||||
@ -840,9 +839,9 @@ int main( int argc, char *argv[] )
|
||||
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
||||
opt.ec_max_ops = DFL_EC_MAX_OPS;
|
||||
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
opt.renegotiation = DFL_RENEGOTIATION;
|
||||
opt.allow_legacy = DFL_ALLOW_LEGACY;
|
||||
opt.renegotiate = DFL_RENEGOTIATE;
|
||||
@ -1093,12 +1092,11 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "curves" ) == 0 )
|
||||
opt.curves = q;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
else if( strcmp( p, "sig_algs" ) == 0 )
|
||||
opt.sig_algs = q;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
else if( strcmp( p, "etm" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
@ -1108,7 +1106,7 @@ int main( int argc, char *argv[] )
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( p, "tls13_kex_modes" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "psk" ) == 0 )
|
||||
@ -1125,16 +1123,16 @@ int main( int argc, char *argv[] )
|
||||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
else goto usage;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls12" ) == 0 ||
|
||||
strcmp( q, "dtls12" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( q, "tls13" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -1143,10 +1141,10 @@ int main( int argc, char *argv[] )
|
||||
if( strcmp( q, "tls12" ) == 0 ||
|
||||
strcmp( q, "dtls12" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( q, "tls13" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -1172,13 +1170,13 @@ int main( int argc, char *argv[] )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( q, "tls13" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -1504,7 +1502,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( opt.sig_algs != NULL )
|
||||
{
|
||||
@ -1565,8 +1563,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
@ -1866,9 +1863,9 @@ int main( int argc, char *argv[] )
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
|
||||
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
|
||||
@ -1907,10 +1904,10 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( opt.sig_algs != NULL )
|
||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
@ -425,7 +425,7 @@ int main( void )
|
||||
#define USAGE_CURVES ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#define USAGE_SIG_ALGS \
|
||||
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
||||
@ -448,13 +448,13 @@ int main( void )
|
||||
#define USAGE_SERIALIZATION ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
|
||||
" tls13_kex_modes=%%s default: all\n" \
|
||||
" options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
|
||||
#else
|
||||
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
|
||||
/* USAGE is arbitrarily split to stay under the portable string literal
|
||||
@ -513,11 +513,11 @@ int main( void )
|
||||
USAGE_SIG_ALGS \
|
||||
"\n"
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#define TLS1_3_VERSION_OPTIONS ", tls13"
|
||||
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#else /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#define TLS1_3_VERSION_OPTIONS ""
|
||||
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#define USAGE4 \
|
||||
USAGE_SSL_ASYNC \
|
||||
@ -594,9 +594,9 @@ struct options
|
||||
char *psk_list; /* list of PSK id/key pairs for callback */
|
||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
int renegotiation; /* enable / disable renegotiation */
|
||||
int allow_legacy; /* allow legacy renegotiation */
|
||||
int renegotiate; /* attempt renegotiation? */
|
||||
@ -1364,11 +1364,10 @@ int main( int argc, char *argv[] )
|
||||
size_t context_buf_len = 0;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
int i;
|
||||
char *p, *q;
|
||||
@ -1521,9 +1520,9 @@ int main( int argc, char *argv[] )
|
||||
opt.psk_list = DFL_PSK_LIST;
|
||||
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
||||
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
opt.renegotiation = DFL_RENEGOTIATION;
|
||||
opt.allow_legacy = DFL_ALLOW_LEGACY;
|
||||
opt.renegotiate = DFL_RENEGOTIATE;
|
||||
@ -1716,12 +1715,11 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
else if( strcmp( p, "curves" ) == 0 )
|
||||
opt.curves = q;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
else if( strcmp( p, "sig_algs" ) == 0 )
|
||||
opt.sig_algs = q;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && && \
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
else if( strcmp( p, "renegotiation" ) == 0 )
|
||||
{
|
||||
opt.renegotiation = (atoi( q )) ?
|
||||
@ -1771,7 +1769,7 @@ int main( int argc, char *argv[] )
|
||||
if( opt.exchanges < 0 )
|
||||
goto usage;
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( p, "tls13_kex_modes" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "psk" ) == 0 )
|
||||
@ -1788,17 +1786,17 @@ int main( int argc, char *argv[] )
|
||||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
else goto usage;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls12" ) == 0 ||
|
||||
strcmp( q, "dtls12" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( q, "tls13" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -1807,10 +1805,10 @@ int main( int argc, char *argv[] )
|
||||
if( strcmp( q, "tls12" ) == 0 ||
|
||||
strcmp( q, "dtls12" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( q, "tls13" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -1836,13 +1834,13 @@ int main( int argc, char *argv[] )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
else if( strcmp( q, "tls13" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -2248,7 +2246,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( opt.sig_algs != NULL )
|
||||
{
|
||||
@ -2299,8 +2297,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
@ -2767,9 +2764,9 @@ int main( int argc, char *argv[] )
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
|
||||
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
|
||||
@ -2911,10 +2908,10 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( opt.sig_algs != NULL )
|
||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1531,7 +1531,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
||||
scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
@ -1867,8 +1867,8 @@ component_build_psa_accel_alg_hkdf() {
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_HKDF_C
|
||||
# Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it.
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
}
|
||||
@ -2724,69 +2724,69 @@ component_build_armcc () {
|
||||
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
|
||||
}
|
||||
|
||||
component_test_tls13_experimental () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
component_test_tls13 () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3 experimental)"
|
||||
msg "ssl-opt.sh (TLS 1.3)"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls13_experimental_no_compatibility_mode () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
component_test_tls13_no_compatibility_mode () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding"
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3 experimental)"
|
||||
msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls13_experimental_with_padding () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
component_test_tls13_with_padding () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding"
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3 experimental)"
|
||||
msg "ssl-opt.sh (TLS 1.3 with padding)"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls13_experimental_with_ecp_restartable () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
component_test_tls13_with_ecp_restartable () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
scripts/config.py set MBEDTLS_ECP_RESTARTABLE
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable"
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3 experimental)"
|
||||
msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls13_experimental_with_everest () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
component_test_tls13_with_everest () {
|
||||
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest"
|
||||
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
|
||||
make test
|
||||
msg "ssl-opt.sh (TLS 1.3 experimental)"
|
||||
msg "ssl-opt.sh (TLS 1.3 with everest)"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
|
||||
@ -278,7 +278,7 @@ class MbedTLSCli(TLSProgram):
|
||||
def pre_checks(self):
|
||||
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
|
||||
'requires_config_enabled MBEDTLS_SSL_CLI_C',
|
||||
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL',
|
||||
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3',
|
||||
'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO']
|
||||
|
||||
if self._compat_mode:
|
||||
|
||||
@ -1697,32 +1697,32 @@ run_test "SHA-256 allowed by default in client certificate" \
|
||||
# Dummy TLS 1.3 test
|
||||
# Currently only checking that passing TLS 1.3 key exchange modes to
|
||||
# ssl_client2/ssl_server2 example programs works.
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \
|
||||
"$P_SRV tls13_kex_modes=psk" \
|
||||
"$P_CLI tls13_kex_modes=psk" \
|
||||
0
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral" \
|
||||
"$P_CLI tls13_kex_modes=psk_ephemeral" \
|
||||
0
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \
|
||||
"$P_SRV tls13_kex_modes=ephemeral" \
|
||||
"$P_CLI tls13_kex_modes=ephemeral" \
|
||||
0
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \
|
||||
"$P_SRV tls13_kex_modes=ephemeral_all" \
|
||||
"$P_CLI tls13_kex_modes=ephemeral_all" \
|
||||
0
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \
|
||||
"$P_SRV tls13_kex_modes=psk_all" \
|
||||
"$P_CLI tls13_kex_modes=psk_all" \
|
||||
0
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3, key exchange mode parameter passing: All" \
|
||||
"$P_SRV tls13_kex_modes=all" \
|
||||
"$P_CLI tls13_kex_modes=all" \
|
||||
@ -8790,7 +8790,7 @@ run_test "TLS 1.3: Test gnutls tls1_3 feature" \
|
||||
# TLS1.3 test cases
|
||||
# TODO: remove or rewrite this test case if #4832 is resolved.
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
skip_handshake_stage_check
|
||||
run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
|
||||
"$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
|
||||
@ -8802,7 +8802,7 @@ run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
|
||||
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
run_test "TLS 1.3: handshake dispatch test: tls13 only" \
|
||||
"$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
|
||||
"$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
|
||||
@ -8811,7 +8811,7 @@ run_test "TLS 1.3: handshake dispatch test: tls13 only" \
|
||||
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"
|
||||
|
||||
requires_openssl_tls1_3
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -8844,7 +8844,7 @@ run_test "TLS 1.3: minimal feature sets - openssl" \
|
||||
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -8876,7 +8876,7 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
|
||||
-c "<= parse finished message" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
skip_handshake_stage_check
|
||||
@ -8890,7 +8890,7 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
|
||||
-S "Version: TLS1.0" \
|
||||
-C "Protocol is TLSv1.0"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
skip_handshake_stage_check
|
||||
@ -8904,7 +8904,7 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
|
||||
-S "Version: TLS1.1" \
|
||||
-C "Protocol is TLSv1.1"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
skip_handshake_stage_check
|
||||
@ -8918,7 +8918,7 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
|
||||
-S "Version: TLS1.2" \
|
||||
-C "Protocol is TLSv1.2"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
skip_handshake_stage_check
|
||||
@ -8932,7 +8932,7 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
|
||||
-S "Version: TLS1.0" \
|
||||
-C "Protocol : TLSv1.0"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
skip_handshake_stage_check
|
||||
@ -8946,7 +8946,7 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
|
||||
-S "Version: TLS1.1" \
|
||||
-C "Protocol : TLSv1.1"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
skip_handshake_stage_check
|
||||
@ -8961,7 +8961,7 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
|
||||
-C "Protocol : TLSv1.2"
|
||||
|
||||
requires_openssl_tls1_3
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -8974,7 +8974,7 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \
|
||||
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -8985,7 +8985,7 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \
|
||||
1 \
|
||||
-c "CertificateRequest not supported"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -9001,7 +9001,7 @@ run_test "TLS 1.3: HelloRetryRequest check - openssl" \
|
||||
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -9021,7 +9021,7 @@ do
|
||||
done
|
||||
|
||||
requires_openssl_tls1_3
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -9033,7 +9033,7 @@ run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
|
||||
-c "HTTP/1.0 200 ok"
|
||||
|
||||
requires_openssl_tls1_3
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -9047,7 +9047,7 @@ run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
@ -9060,7 +9060,7 @@ run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
|
||||
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
* depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
* depends_on:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
|
||||
@ -2363,7 +2363,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, AES-128-GCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, AES-128-GCM, 1.2, CID 4+4
|
||||
@ -2391,7 +2391,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, AES-192-GCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, AES-192-GCM, 1.2, CID 4+4
|
||||
@ -2419,7 +2419,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, AES-256-GCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, AES-256-GCM, 1.2, CID 4+4
|
||||
@ -2519,7 +2519,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, AES-128-CCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, AES-128-CCM, 1.2, CID 4+4
|
||||
@ -2547,7 +2547,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, AES-192-CCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, AES-192-CCM, 1.2, CID 4+4
|
||||
@ -2575,7 +2575,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, AES-256-CCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, AES-256-CCM, 1.2, CID 4+4
|
||||
@ -2739,7 +2739,7 @@ depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, ChachaPoly, 1.3
|
||||
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, ChachaPoly
|
||||
@ -2747,7 +2747,7 @@ depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, ChachaPoly, 1.3
|
||||
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, ChachaPoly, CID 4+4
|
||||
@ -4491,7 +4491,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, AES-128-GCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
|
||||
@ -4519,7 +4519,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, AES-192-GCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
|
||||
@ -4547,7 +4547,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, AES-256-GCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
|
||||
@ -4647,7 +4647,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, AES-128-CCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
|
||||
@ -4675,7 +4675,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, AES-192-CCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
|
||||
@ -4703,7 +4703,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
|
||||
|
||||
Record crypt, little space, AES-256-CCM, 1.3
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
|
||||
|
||||
Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
|
||||
@ -5889,7 +5889,7 @@ ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255
|
||||
SSL TLS 1.3 Key schedule: Secret evolution #1
|
||||
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
|
||||
# Initial secret to Early Secret
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Secret evolution #2
|
||||
|
||||
@ -1323,14 +1323,14 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
|
||||
{
|
||||
case MBEDTLS_MODE_GCM:
|
||||
case MBEDTLS_MODE_CCM:
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
t_out->fixed_ivlen = 12;
|
||||
t_in->fixed_ivlen = 12;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
{
|
||||
t_out->fixed_ivlen = 4;
|
||||
t_in->fixed_ivlen = 4;
|
||||
@ -3254,7 +3254,7 @@ void ssl_crypt_record( int cipher_type, int hash_id,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
/* TLS 1.3 hides the real content type and
|
||||
@ -3262,7 +3262,7 @@ void ssl_crypt_record( int cipher_type, int hash_id,
|
||||
* for protected records. Double-check this. */
|
||||
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* Decrypt record with t_dec */
|
||||
ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
|
||||
@ -3418,7 +3418,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
/* TLS 1.3 hides the real content type and
|
||||
@ -3426,7 +3426,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
|
||||
* for protected records. Double-check this. */
|
||||
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
/* Decrypt record with t_dec */
|
||||
TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
|
||||
@ -3669,7 +3669,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_hkdf_expand_label( int hash_alg,
|
||||
data_t *secret,
|
||||
int label_idx,
|
||||
@ -3707,7 +3707,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_traffic_key_generation( int hash_alg,
|
||||
data_t *server_secret,
|
||||
data_t *client_secret,
|
||||
@ -3754,7 +3754,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_derive_secret( int hash_alg,
|
||||
data_t *secret,
|
||||
int label_idx,
|
||||
@ -3794,7 +3794,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_derive_early_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
@ -3824,7 +3824,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_derive_handshake_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
@ -3854,7 +3854,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_derive_application_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
@ -3888,7 +3888,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_derive_resumption_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
@ -3914,7 +3914,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_create_psk_binder( int hash_alg,
|
||||
data_t *psk,
|
||||
int psk_type,
|
||||
@ -3944,7 +3944,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_record_protection( int ciphersuite,
|
||||
int endpoint,
|
||||
int ctr,
|
||||
@ -4042,7 +4042,7 @@ void ssl_tls13_record_protection( int ciphersuite,
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_key_evolution( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *input,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user