yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build

Browse source 
TLS1.3:Enable tls13 only build
This commit is contained in:
Paul Elliott 2022-02-21 11:22:37 +00:00 committed by GitHub
commit 436b72690d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 3906 additions and 3214 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
docs/architecture/tls13-support.md
View file

@ -120,7 +120,19 @@ MVP definition
the three first ones in the list above are mandatory (see section 9.1 of the
specification).
- Supported versions: only TLS 1.3, version negotiation is not supported.
- Supported versions:
- TLS 1.2 and TLS 1.3 but version negotiation is not supported.
- TLS 1.3 cannot be enabled in the build (MBEDTLS_SSL_PROTO_TLS1_3
configuration option) without TLS 1.2 (MBEDTLS_SSL_PROTO_TLS1_2 configuration
option).
- TLS 1.2 can be enabled in the build independently of TLS 1.3.
- If both TLS 1.3 and TLS 1.2 are enabled at build time, only one of them can
be configured at runtime via `mbedtls_ssl_conf_{min,max}_version`. Otherwise,
`mbedtls_ssl_setup` will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error.
- Compatibility with existing SSL/TLS build options:

3
include/mbedtls/check_config.h
View file

@ -643,7 +643,8 @@
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SSL_TLS_C) && \
!( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
#endif

92
library/ssl_cli.c
View file

@ -19,7 +19,7 @@
#include "common.h"
#if defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@ -90,76 +90,6 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *olen )
{
unsigned char *p = buf;
size_t hostname_len;
*olen = 0;
if( ssl->hostname == NULL )
return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding server name extension: %s",
ssl->hostname ) );
hostname_len = strlen( ssl->hostname );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
/*
* Sect. 3, RFC 6066 (TLS Extensions Definitions)
*
* In order to provide any of the server names, clients MAY include an
* extension of type "server_name" in the (extended) client hello. The
* "extension_data" field of this extension SHALL contain
* "ServerNameList" where:
*
* struct {
* NameType name_type;
* select (name_type) {
* case host_name: HostName;
* } name;
* } ServerName;
*
* enum {
* host_name(0), (255)
* } NameType;
*
* opaque HostName<1..2^16-1>;
*
* struct {
* ServerName server_name_list<1..2^16-1>
* } ServerNameList;
*
*/
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
p += 2;
MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
p += 2;
MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
p += 2;
*p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
p += 2;
memcpy( p, ssl->hostname, hostname_len );
*olen = hostname_len + 9;
return( 0 );
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@ -1028,8 +958,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ( ret = mbedtls_ssl_write_sig_alg_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
@ -1037,7 +966,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
return( ret );
}
ext_len += olen;
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@ -2573,13 +2502,11 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( len_bytes == 2 )
{
MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
*olen += 2;
}
#endif
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it. */
@ -2590,7 +2517,6 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@ -2655,7 +2581,6 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@ -2940,7 +2865,6 @@ start_processing:
/*
* Handle the digitally-signed structure
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
if( ssl_parse_signature_algorithm( ssl, &p, end,
@ -2968,7 +2892,6 @@ start_processing:
}
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -3005,7 +2928,6 @@ start_processing:
/*
* Compute the hash that has been signed
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@ -3015,7 +2937,6 @@ start_processing:
return( ret );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -3211,7 +3132,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
}
/* supported_signature_algorithms */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
size_t sig_alg_len =
@ -3257,7 +3177,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
n += 2 + sig_alg_len;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* certificate_authorities */
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
@ -3816,7 +3735,6 @@ sign:
ssl->handshake->calc_verify( ssl, hash, &hashlen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
/*
@ -3852,7 +3770,6 @@ sign:
offset = 2;
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -4136,4 +4053,5 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
return( ret );
}
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */

13
library/ssl_misc.h
View file

@ -79,7 +79,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
@ -87,7 +89,9 @@
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -748,7 +752,6 @@ struct mbedtls_ssl_handshake_params
/*
* Checksum contexts
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
@ -763,7 +766,6 @@ struct mbedtls_ssl_handshake_params
mbedtls_sha512_context fin_sha512;
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t offered_group_id; /* The NamedGroup value for the group
@ -1138,7 +1140,10 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );

53
library/ssl_srv.c
View file

@ -19,7 +19,7 @@
#include "common.h"
#if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@ -224,8 +224,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
return( 0 );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Status of the implementation of signature-algorithms extension:
@ -313,8 +312,7 @@ static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@ -1054,8 +1052,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
{
const mbedtls_ssl_ciphersuite_t *suite_info;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_pk_type_t sig_type;
#endif
@ -1115,8 +1112,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
@ -1131,8 +1127,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
}
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
@ -1178,11 +1173,9 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
/* If there is no signature-algorithm extension present,
* we need to fall back to the default values for allowed
* signature-hash pairs. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
int sig_hash_alg_ext_present = 0;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@ -1670,8 +1663,7 @@ read_record_header:
return( ret );
break;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
@ -1681,8 +1673,7 @@ read_record_header:
sig_hash_alg_ext_present = 1;
break;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@ -1794,8 +1785,7 @@ read_record_header:
ext += 4 + ext_size;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Try to fall back to default hash SHA1 if the client
@ -1815,8 +1805,7 @@ read_record_header:
md_default );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@ -1956,7 +1945,6 @@ have_ciphersuite:
/* Debugging-only output for testsuite */
#if defined(MBEDTLS_DEBUG_C) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
@ -2794,7 +2782,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
p += ct_len;
sa_len = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Add signature_algorithms for verify (TLS 1.2)
*
@ -2834,7 +2822,6 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
sa_len += 2;
p += sa_len;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/*
* DistinguishedName certificate_authorities<0..2^16-1>;
@ -3167,7 +3154,6 @@ curve_matching_done:
mbedtls_md_type_t md_alg;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
@ -3189,14 +3175,12 @@ curve_matching_done:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
/*
* 2.2: Compute the hash to be signed
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@ -3207,7 +3191,6 @@ curve_matching_done:
return( ret );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -3218,7 +3201,6 @@ curve_matching_done:
/*
* 2.3: Compute and add the signature
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
/*
@ -3242,7 +3224,6 @@ curve_matching_done:
ssl->out_msg[ssl->out_msglen++] =
mbedtls_ssl_sig_from_pk_alg( sig_alg );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL )
@ -3522,7 +3503,6 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
/*
* Prepare to decrypt the premaster using own private RSA key
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if ( p + 2 > end ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@ -3533,7 +3513,6 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
#endif
if( p + len != end )
{
@ -4063,9 +4042,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
unsigned char hash[48];
unsigned char *hash_start = hash;
size_t hashlen;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t pk_alg;
#endif
mbedtls_md_type_t md_alg;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
@ -4133,7 +4110,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
* opaque signature<0..2^16-1>;
* } DigitallySigned;
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
if( i + 2 > ssl->in_hslen )
@ -4187,7 +4163,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
i++;
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -4406,4 +4381,4 @@ void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order )
conf->respect_cli_pref = order;
}
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_2 */

6176
library/ssl_tls.c
View file

File diff suppressed because it is too large Load diff

8
library/ssl_tls13_client.c
View file

@ -21,9 +21,7 @@
#include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h>
@ -2059,6 +2057,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
return( ret );
}
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

8
library/ssl_tls13_generic.c
View file

@ -19,9 +19,7 @@
#include "common.h"
#if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h>
@ -1276,6 +1274,4 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_TLS_C */
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */

8
library/ssl_tls13_server.c
View file

@ -19,9 +19,7 @@
#include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_SRV_C)
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "mbedtls/debug.h"
@ -38,6 +36,4 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */

34
tests/configs/tls13-only.h Normal file
View file

@ -0,0 +1,34 @@
/* MBEDTLS_USER_CONFIG_FILE for testing.
* Only used for a few test configurations.
*
* Typical usage (note multiple levels of quoting):
* make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

11
tests/scripts/all.sh
View file

@ -2705,6 +2705,17 @@ component_build_armcc () {
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
component_test_tls13_only () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
if_build_succeeded make test
msg "ssl-opt.sh (TLS 1.3)"
if_build_succeeded tests/ssl-opt.sh
}
component_test_tls13 () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3

604
tests/ssl-opt.sh
View file

File diff suppressed because it is too large Load diff

86
tests/suites/test_suite_ssl.data
View file

@ -104,111 +104,147 @@ Test mbedtls_endpoint sanity for the server
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER
Test moving clients handshake to state: HELLO_REQUEST
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1
Test moving clients handshake to state: CLIENT_HELLO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving clients handshake to state: SERVER_HELLO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1
Test moving clients handshake to state: SERVER_CERTIFICATE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving clients handshake to state: SERVER_KEY_EXCHANGE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_REQUEST
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving clients handshake to state: SERVER_HELLO_DONE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving clients handshake to state: CLIENT_CERTIFICATE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving clients handshake to state: CLIENT_KEY_EXCHANGE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_VERIFY
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: CLIENT_FINISHED
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: SERVER_FINISHED
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving clients handshake to state: FLUSH_BUFFERS
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving clients handshake to state: HANDSHAKE_WRAPUP
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving clients handshake to state: HANDSHAKE_OVER
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1
Test moving servers handshake to state: HELLO_REQUEST
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1
Test moving servers handshake to state: CLIENT_HELLO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving servers handshake to state: SERVER_HELLO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1
Test moving servers handshake to state: SERVER_CERTIFICATE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving servers handshake to state: SERVER_KEY_EXCHANGE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_REQUEST
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving servers handshake to state: SERVER_HELLO_DONE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving servers handshake to state: CLIENT_CERTIFICATE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving servers handshake to state: CLIENT_KEY_EXCHANGE
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_VERIFY
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: CLIENT_FINISHED
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: SERVER_FINISHED
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving servers handshake to state: FLUSH_BUFFERS
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving servers handshake to state: HANDSHAKE_WRAPUP
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving servers handshake to state: HANDSHAKE_OVER
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1
Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0
Negative test moving servers ssl to state: NEW_SESSION_TICKET
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
Handshake, tls1_2
@ -272,9 +308,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
handshake_serialization
DTLS Handshake fragmentation, MFL=512
depends_on:MBEDTLS_SSL_PROTO_DTLS
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
DTLS Handshake fragmentation, MFL=1024
depends_on:MBEDTLS_SSL_PROTO_DTLS
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
Handshake min/max version check, all -> 1.2
@ -619,15 +657,19 @@ SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
ssl_set_hostname_twice:"server0":"server1"
SSL session serialization: Wrong major version
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:1:0:0:0
SSL session serialization: Wrong minor version
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:1:0:0
SSL session serialization: Wrong patch version
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:1:0
SSL session serialization: Wrong config
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:0:1
Record crypt, AES-128-CBC, 1.2, SHA-384
@ -4609,95 +4651,99 @@ depends_on:!MBEDTLS_SHA256_C
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Session serialization, save-load: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:""
Session serialization, save-load: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:""
Session serialization, save-load: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:""
Session serialization, save-load: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:"data_files/server5.crt"
Session serialization, save-load: small ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:"data_files/server5.crt"
Session serialization, save-load: large ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:"data_files/server5.crt"
Session serialization, load-save: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:""
Session serialization, load-save: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:42:""
Session serialization, load-save: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:1023:""
Session serialization, load-save: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:"data_files/server5.crt"
Session serialization, load-save: small ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:42:"data_files/server5.crt"
Session serialization, load-save: large ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:1023:"data_files/server5.crt"
Session serialization, save buffer size: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:""
Session serialization, save buffer size: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:42:""
Session serialization, save buffer size: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:1023:""
Session serialization, save buffer size: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt"
Session serialization, save buffer size: small ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt"
Session serialization, save buffer size: large ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt"
Session serialization, load buffer size: no ticket, no cert
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_buf_size:0:""
Session serialization, load buffer size: small ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:42:""
Session serialization, load buffer size: large ticket, no cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:1023:""
Session serialization, load buffer size: no ticket, cert
depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt"
Session serialization, load buffer size: small ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt"
Session serialization, load buffer size: large ticket, cert
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt"
Constant-flow HMAC: MD5

10
tests/suites/test_suite_ssl.function
View file

@ -1187,6 +1187,7 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl,
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
@ -1227,6 +1228,7 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
iv, iv_len, input, ilen, output, olen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
@ -4301,7 +4303,7 @@ void ssl_tls13_key_evolution( int hash_alg,
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
void ssl_tls_prf( int type, data_t * secret, data_t * random,
char *label, data_t *result_str, int exp_ret )
{
@ -5139,9 +5141,13 @@ void conf_curve()
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_ssl_conf_max_version( &conf, 3, 3 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 );
#else
mbedtls_ssl_conf_max_version( &conf, 3, 4 );
mbedtls_ssl_conf_min_version( &conf, 3, 4 );
#endif
mbedtls_ssl_conf_curves( &conf, curve_list );
mbedtls_ssl_context ssl;