yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3

Browse source 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-12-08 16:57:54 +01:00
parent 7aa6fc1992
commit 6f135e1148
24 changed files with 442 additions and 454 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/mbedtls/check_config.h
View file

@ -598,11 +598,11 @@
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
( ( !defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_SHA256_C) && \ ( ( !defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_SHA256_C) && \
!defined(MBEDTLS_SHA512_C) ) \ !defined(MBEDTLS_SHA512_C) ) \
|| ( !defined(MBEDTLS_PSA_CRYPTO_C) ) ) || ( !defined(MBEDTLS_PSA_CRYPTO_C) ) )
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites" #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \

26
include/mbedtls/mbedtls_config.h
View file

@ -1487,23 +1487,19 @@
#define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_PROTO_TLS1_2
/** /**
* \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL * \def MBEDTLS_SSL_PROTO_TLS1_3
* *
* This macro is used to selectively enable experimental parts * Enable support for TLS 1.3.
* of the code that contribute to the ongoing development of
* the prototype TLS 1.3 and DTLS 1.3 implementation, and provide
* no other purpose.
* *
* \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS, * \note The support for TLS 1.3 is not comprehensive yet, in particular
* and no feature exposed through this macro is part of the * pre-shared keys are not supported.
* public API. In particular, features under the control * See docs/architecture/tls13-support.md for a description of the TLS
* of this macro are experimental and don't come with any * 1.3 support that this option enables.
* stability guarantees. *
* Uncomment this macro to enable the support for TLS 1.3.
* *
* Uncomment this macro to enable experimental and partial
* functionality specific to TLS 1.3.
*/ */
//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL //#define MBEDTLS_SSL_PROTO_TLS1_3
/** /**
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@ -1521,8 +1517,8 @@
* recommended to set this option. * recommended to set this option.
* *
* Comment to disable compatibility mode for TLS 1.3. If * Comment to disable compatibility mode for TLS 1.3. If
* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL is not enabled, this option does not * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
* have any effect on the build. * effect on the build.
* *
*/ */
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE //#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE

32
include/mbedtls/ssl.h
View file

@ -250,7 +250,7 @@
*/ */
#define MBEDTLS_SSL_MAJOR_VERSION_3 3 #define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */ #define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
@ -638,13 +638,13 @@ typedef enum
MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_HANDSHAKE_OVER,
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
} }
mbedtls_ssl_states; mbedtls_ssl_states;
@ -1154,7 +1154,7 @@ struct mbedtls_ssl_session
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets); mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
#endif #endif
}; };
@ -1175,14 +1175,14 @@ mbedtls_tls_prf_types;
typedef enum typedef enum
{ {
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
} mbedtls_ssl_key_export_type; } mbedtls_ssl_key_export_type;
/** /**
@ -1277,10 +1277,10 @@ struct mbedtls_ssl_config
/** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
const int *MBEDTLS_PRIVATE(ciphersuite_list); const int *MBEDTLS_PRIVATE(ciphersuite_list);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/** Allowed TLS 1.3 key exchange modes. */ /** Allowed TLS 1.3 key exchange modes. */
int MBEDTLS_PRIVATE(tls13_kex_modes); int MBEDTLS_PRIVATE(tls13_kex_modes);
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/** Callback for printing debug output */ /** Callback for printing debug output */
void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
@ -1361,9 +1361,9 @@ struct mbedtls_ssl_config
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */ const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif #endif
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -1511,11 +1511,11 @@ struct mbedtls_ssl_context
* This pointer owns the transform * This pointer owns the transform
* it references. */ * it references. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/*! The application data transform in TLS 1.3. /*! The application data transform in TLS 1.3.
* This pointer owns the transform it references. */ * This pointer owns the transform it references. */
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* /*
* Timers * Timers
@ -2753,7 +2753,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites ); const int *ciphersuites );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/** /**
* \brief Set the supported key exchange modes for TLS 1.3 connections. * \brief Set the supported key exchange modes for TLS 1.3 connections.
* *
@ -2798,7 +2798,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf, void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config* conf,
const int kex_modes ); const int kex_modes );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
@ -3299,7 +3299,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes ); const int *hashes );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/** /**
* \brief Configure allowed signature algorithms for use in TLS 1.3 * \brief Configure allowed signature algorithms for use in TLS 1.3
* *
@ -3311,7 +3311,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
*/ */
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs ); const uint16_t* sig_algs );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)

4
library/ecdh.c
View file

@ -728,7 +728,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
#endif #endif
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
size_t *out_len, int point_format, size_t *out_len, int point_format,
@ -861,6 +861,6 @@ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
#endif #endif
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */

4
library/ecdh_misc.h
View file

@ -27,7 +27,7 @@
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* /*
* Setup context without Everest * Setup context without Everest
@ -50,7 +50,7 @@ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, const unsigned char *buf,
size_t buf_len ); size_t buf_len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */

4
library/mps_reader.c
View file

@ -21,7 +21,7 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "mps_reader.h" #include "mps_reader.h"
#include "mps_common.h" #include "mps_common.h"
@ -561,4 +561,4 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
MBEDTLS_MPS_TRACE_RETURN( 0 ); MBEDTLS_MPS_TRACE_RETURN( 0 );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

4
library/mps_trace.c
View file

@ -21,7 +21,7 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "mps_common.h" #include "mps_common.h"
@ -124,4 +124,4 @@ void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty )
} }
#endif /* MBEDTLS_MPS_ENABLE_TRACE */ #endif /* MBEDTLS_MPS_ENABLE_TRACE */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

8
library/ssl_ciphersuites.c
View file

@ -52,14 +52,14 @@ static const int ciphersuite_preference[] =
#if defined(MBEDTLS_SSL_CIPHERSUITES) #if defined(MBEDTLS_SSL_CIPHERSUITES)
MBEDTLS_SSL_CIPHERSUITES, MBEDTLS_SSL_CIPHERSUITES,
#else #else
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 ciphersuites */ /* TLS 1.3 ciphersuites */
MBEDTLS_TLS1_3_AES_128_GCM_SHA256, MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
MBEDTLS_TLS1_3_AES_256_GCM_SHA384, MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS1_3_AES_128_CCM_SHA256, MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Chacha-Poly ephemeral suites */ /* Chacha-Poly ephemeral suites */
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@ -292,7 +292,7 @@ static const int ciphersuite_preference[] =
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
@ -336,7 +336,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4,
0 }, 0 },
#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */ #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_CHACHAPOLY_C) && \ #if defined(MBEDTLS_CHACHAPOLY_C) && \
defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_SHA256_C) && \

28
library/ssl_misc.h
View file

@ -581,9 +581,9 @@ struct mbedtls_ssl_handshake_params
/* /*
* Handshake specific crypto variables * Handshake specific crypto variables
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */ int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@ -715,12 +715,12 @@ struct mbedtls_ssl_handshake_params
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages. /*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages.
* Those pointers own the transforms they reference. */ * Those pointers own the transforms they reference. */
mbedtls_ssl_transform *transform_handshake; mbedtls_ssl_transform *transform_handshake;
mbedtls_ssl_transform *transform_earlydata; mbedtls_ssl_transform *transform_earlydata;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* /*
* Checksum contexts * Checksum contexts
@ -742,7 +742,7 @@ struct mbedtls_ssl_handshake_params
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t offered_group_id; /* The NamedGroup value for the group uint16_t offered_group_id; /* The NamedGroup value for the group
* that is being used for ephemeral * that is being used for ephemeral
* key exchange. * key exchange.
@ -750,7 +750,7 @@ struct mbedtls_ssl_handshake_params
* On the client: Defaults to the first * On the client: Defaults to the first
* entry in the client's group list, * entry in the client's group list,
* but can be overwritten by the HRR. */ * but can be overwritten by the HRR. */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* /*
* State-local variables used during the processing * State-local variables used during the processing
@ -790,7 +790,7 @@ struct mbedtls_ssl_handshake_params
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */ /*!< premaster secret */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int extensions_present; /*!< extension presence; Each bitfield int extensions_present; /*!< extension presence; Each bitfield
represents an extension and defined represents an extension and defined
as \c MBEDTLS_SSL_EXT_XXX */ as \c MBEDTLS_SSL_EXT_XXX */
@ -803,7 +803,7 @@ struct mbedtls_ssl_handshake_params
} tls13_master_secrets; } tls13_master_secrets;
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/** Asynchronous operation context. This field is meant for use by the /** Asynchronous operation context. This field is meant for use by the
@ -1477,7 +1477,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
* ssl utils functions for checking configuration. * ssl utils functions for checking configuration.
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
{ {
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
@ -1489,7 +1489,7 @@ static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf
} }
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
@ -1505,7 +1505,7 @@ static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf ) static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{ {
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 && if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
@ -1517,9 +1517,9 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf
} }
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
@ -1711,7 +1711,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Get handshake transcript */ /* Get handshake transcript */
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,

30
library/ssl_msg.c
View file

@ -293,8 +293,7 @@ static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
* Encryption/decryption functions * Encryption/decryption functions
*/ */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static size_t ssl_compute_padding_length( size_t len, static size_t ssl_compute_padding_length( size_t len,
size_t granularity ) size_t granularity )
@ -376,8 +375,7 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* `add_data` must have size 13 Bytes if the CID extension is disabled, /* `add_data` must have size 13 Bytes if the CID extension is disabled,
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */ * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
@ -422,7 +420,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
unsigned char *cur = add_data; unsigned char *cur = add_data;
size_t ad_len_field = rec->data_len; size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext, /* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
@ -431,7 +429,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
ad_len_field += taglen; ad_len_field += taglen;
} }
else else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{ {
((void) minor_ver); ((void) minor_ver);
((void) taglen); ((void) taglen);
@ -593,7 +591,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* since they apply to different versions of the protocol. There * since they apply to different versions of the protocol. There
* is hence no risk of double-addition of the inner plaintext. * is hence no risk of double-addition of the inner plaintext.
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
size_t padding = size_t padding =
@ -610,7 +608,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA; rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* /*
@ -1459,7 +1457,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
/* Remove inner padding and infer true content type. */ /* Remove inner padding and infer true content type. */
@ -1469,7 +1467,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec->cid_len != 0 ) if( rec->cid_len != 0 )
@ -2325,12 +2323,12 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
/* Skip writing the record content type to after the encryption, /* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */ * as it may change when using the CID extension. */
int minor_ver = ssl->minor_ver; int minor_ver = ssl->minor_ver;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 still uses the TLS 1.2 version identifier /* TLS 1.3 still uses the TLS 1.2 version identifier
* for backwards compatibility. */ * for backwards compatibility. */
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
mbedtls_ssl_write_version( ssl->major_ver, minor_ver, mbedtls_ssl_write_version( ssl->major_ver, minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 ); ssl->conf->transport, ssl->out_hdr + 1 );
@ -3340,14 +3338,14 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
* as unencrypted. The only thing we do with them is * as unencrypted. The only thing we do with them is
* check the length and content and ignore them. * check the length and content and ignore them.
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->transform_in != NULL && if( ssl->transform_in != NULL &&
ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
done = 1; done = 1;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if( !done && ssl->transform_in != NULL ) if( !done && ssl->transform_in != NULL )
{ {
@ -4400,7 +4398,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
@ -4413,7 +4411,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
} }
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )

48
library/ssl_tls.c
View file

@ -720,14 +720,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
* generation separate. This should never happen. */ * generation separate. This should never happen. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* /*
* Get various info structures * Get various info structures
@ -3166,7 +3166,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl ) static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
{ {
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
@ -3187,7 +3187,7 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) ) if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
@ -3574,13 +3574,13 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
conf->ciphersuite_list = ciphersuites; conf->ciphersuite_list = ciphersuites;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
const int kex_modes ) const int kex_modes )
{ {
conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
@ -3968,14 +3968,14 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
conf->sig_hashes = hashes; conf->sig_hashes = hashes;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Configure allowed signature algorithms for use in TLS 1.3 */ /* Configure allowed signature algorithms for use in TLS 1.3 */
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs ) const uint16_t* sig_algs )
{ {
conf->tls13_sig_algs = sig_algs; conf->tls13_sig_algs = sig_algs;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -5219,10 +5219,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_tls13_handshake_client_step( ssl ); ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
@ -5233,10 +5233,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_tls13_handshake_server_step( ssl ); ret = mbedtls_ssl_tls13_handshake_server_step( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
@ -5556,12 +5556,12 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
psa_destroy_key( handshake->ecdh_psa_privkey ); psa_destroy_key( handshake->ecdh_psa_privkey );
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_transform_free( handshake->transform_handshake ); mbedtls_ssl_transform_free( handshake->transform_handshake );
mbedtls_ssl_transform_free( handshake->transform_earlydata ); mbedtls_ssl_transform_free( handshake->transform_earlydata );
mbedtls_free( handshake->transform_earlydata ); mbedtls_free( handshake->transform_earlydata );
mbedtls_free( handshake->transform_handshake ); mbedtls_free( handshake->transform_handshake );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
@ -6257,10 +6257,10 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
mbedtls_free( ssl->session_negotiate ); mbedtls_free( ssl->session_negotiate );
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_transform_free( ssl->transform_application ); mbedtls_ssl_transform_free( ssl->transform_application );
mbedtls_free( ssl->transform_application ); mbedtls_free( ssl->transform_application );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if( ssl->session ) if( ssl->session )
{ {
@ -6361,7 +6361,7 @@ static int ssl_preset_suiteb_hashes[] = {
MBEDTLS_MD_NONE MBEDTLS_MD_NONE
}; };
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static uint16_t ssl_preset_default_sig_algs[] = { static uint16_t ssl_preset_default_sig_algs[] = {
/* ECDSA algorithms */ /* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
@ -6404,7 +6404,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
}; };
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif #endif
static uint16_t ssl_preset_suiteb_groups[] = { static uint16_t ssl_preset_suiteb_groups[] = {
@ -6495,12 +6495,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* /*
* Allow all TLS 1.3 key exchange modes by default. * Allow all TLS 1.3 key exchange modes by default.
*/ */
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* /*
* Preset-specific defaults * Preset-specific defaults
@ -6524,9 +6524,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
conf->sig_hashes = ssl_preset_suiteb_hashes; conf->sig_hashes = ssl_preset_suiteb_hashes;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs; conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif #endif
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -6562,9 +6562,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
conf->sig_hashes = ssl_preset_default_hashes; conf->sig_hashes = ssl_preset_default_hashes;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->tls13_sig_algs = ssl_preset_default_sig_algs; conf->tls13_sig_algs = ssl_preset_default_sig_algs;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)

4
library/ssl_tls13_client.c
View file

@ -21,7 +21,7 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
@ -1790,4 +1790,4 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

4
library/ssl_tls13_generic.c
View file

@ -21,7 +21,7 @@
#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h> #include <string.h>
@ -1196,6 +1196,6 @@ cleanup:
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_TLS_C */ #endif /* MBEDTLS_SSL_TLS_C */

4
library/ssl_tls13_keys.c
View file

@ -19,7 +19,7 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
@ -1248,4 +1248,4 @@ int mbedtls_ssl_tls13_generate_application_keys(
return( ret ); return( ret );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

4
library/ssl_tls13_server.c
View file

@ -19,7 +19,7 @@
#include "common.h" #include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
@ -40,4 +40,4 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

59
programs/ssl/ssl_client2.c
View file

@ -268,7 +268,7 @@ int main( void )
#define USAGE_CURVES "" #define USAGE_CURVES ""
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_SIG_ALGS \ #define USAGE_SIG_ALGS \
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \ " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
@ -343,13 +343,13 @@ int main( void )
#define USAGE_SERIALIZATION "" #define USAGE_SERIALIZATION ""
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \ " tls13_kex_modes=%%s default: all\n" \
" options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
#else #else
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" #define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* USAGE is arbitrarily split to stay under the portable string literal /* USAGE is arbitrarily split to stay under the portable string literal
* length limit: 4095 bytes in C99. */ * length limit: 4095 bytes in C99. */
@ -413,11 +413,11 @@ int main( void )
USAGE_DHMLEN \ USAGE_DHMLEN \
"\n" "\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define TLS1_3_VERSION_OPTIONS ", tls13" #define TLS1_3_VERSION_OPTIONS ", tls13"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #else /* MBEDTLS_SSL_PROTO_TLS1_3 */
#define TLS1_3_VERSION_OPTIONS "" #define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
#define USAGE4 \ #define USAGE4 \
" allow_sha1=%%d default: 0\n" \ " allow_sha1=%%d default: 0\n" \
@ -471,9 +471,9 @@ struct options
const char *ecjpake_pw; /* the EC J-PAKE password */ const char *ecjpake_pw; /* the EC J-PAKE password */
int ec_max_ops; /* EC consecutive operations limit */ int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
int renegotiation; /* enable / disable renegotiation */ int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */ int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */ int renegotiate; /* attempt renegotiation? */
@ -653,11 +653,10 @@ int main( int argc, char *argv[] )
mbedtls_net_context server_fd; mbedtls_net_context server_fd;
io_ctx_t io_ctx; io_ctx_t io_ctx;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
unsigned char buf[MAX_REQUEST_SIZE + 1]; unsigned char buf[MAX_REQUEST_SIZE + 1];
@ -840,9 +839,9 @@ int main( int argc, char *argv[] )
opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.ec_max_ops = DFL_EC_MAX_OPS; opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
opt.renegotiation = DFL_RENEGOTIATION; opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY; opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE; opt.renegotiate = DFL_RENEGOTIATE;
@ -1093,12 +1092,11 @@ int main( int argc, char *argv[] )
} }
else if( strcmp( p, "curves" ) == 0 ) else if( strcmp( p, "curves" ) == 0 )
opt.curves = q; opt.curves = q;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
else if( strcmp( p, "sig_algs" ) == 0 ) else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q; opt.sig_algs = q;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
else if( strcmp( p, "etm" ) == 0 ) else if( strcmp( p, "etm" ) == 0 )
{ {
switch( atoi( q ) ) switch( atoi( q ) )
@ -1108,7 +1106,7 @@ int main( int argc, char *argv[] )
default: goto usage; default: goto usage;
} }
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( p, "tls13_kex_modes" ) == 0 ) else if( strcmp( p, "tls13_kex_modes" ) == 0 )
{ {
if( strcmp( q, "psk" ) == 0 ) if( strcmp( q, "psk" ) == 0 )
@ -1125,16 +1123,16 @@ int main( int argc, char *argv[] )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
else goto usage; else goto usage;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else if( strcmp( p, "min_version" ) == 0 ) else if( strcmp( p, "min_version" ) == 0 )
{ {
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
} }
@ -1143,10 +1141,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
} }
@ -1172,13 +1170,13 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
} }
@ -1504,7 +1502,7 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL ) if( opt.sig_algs != NULL )
{ {
@ -1565,8 +1563,7 @@ int main( int argc, char *argv[] )
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE; sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
@ -1866,9 +1863,9 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes ); mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if( opt.allow_legacy != DFL_ALLOW_LEGACY ) if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
@ -1907,10 +1904,10 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( opt.sig_algs != NULL ) if( opt.sig_algs != NULL )
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)

59
programs/ssl/ssl_server2.c
View file

@ -425,7 +425,7 @@ int main( void )
#define USAGE_CURVES "" #define USAGE_CURVES ""
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_SIG_ALGS \ #define USAGE_SIG_ALGS \
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \ " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
@ -448,13 +448,13 @@ int main( void )
#define USAGE_SERIALIZATION "" #define USAGE_SERIALIZATION ""
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \ " tls13_kex_modes=%%s default: all\n" \
" options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n" " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
#else #else
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" #define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* USAGE is arbitrarily split to stay under the portable string literal /* USAGE is arbitrarily split to stay under the portable string literal
@ -513,11 +513,11 @@ int main( void )
USAGE_SIG_ALGS \ USAGE_SIG_ALGS \
"\n" "\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define TLS1_3_VERSION_OPTIONS ", tls13" #define TLS1_3_VERSION_OPTIONS ", tls13"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #else /* MBEDTLS_SSL_PROTO_TLS1_3 */
#define TLS1_3_VERSION_OPTIONS "" #define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
#define USAGE4 \ #define USAGE4 \
USAGE_SSL_ASYNC \ USAGE_SSL_ASYNC \
@ -594,9 +594,9 @@ struct options
char *psk_list; /* list of PSK id/key pairs for callback */ char *psk_list; /* list of PSK id/key pairs for callback */
const char *ecjpake_pw; /* the EC J-PAKE password */ const char *ecjpake_pw; /* the EC J-PAKE password */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
int renegotiation; /* enable / disable renegotiation */ int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */ int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */ int renegotiate; /* attempt renegotiation? */
@ -1364,11 +1364,10 @@ int main( int argc, char *argv[] )
size_t context_buf_len = 0; size_t context_buf_len = 0;
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
int i; int i;
char *p, *q; char *p, *q;
@ -1521,9 +1520,9 @@ int main( int argc, char *argv[] )
opt.psk_list = DFL_PSK_LIST; opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
opt.renegotiation = DFL_RENEGOTIATION; opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY; opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE; opt.renegotiate = DFL_RENEGOTIATE;
@ -1716,12 +1715,11 @@ int main( int argc, char *argv[] )
} }
else if( strcmp( p, "curves" ) == 0 ) else if( strcmp( p, "curves" ) == 0 )
opt.curves = q; opt.curves = q;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
else if( strcmp( p, "sig_algs" ) == 0 ) else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q; opt.sig_algs = q;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && && \ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
else if( strcmp( p, "renegotiation" ) == 0 ) else if( strcmp( p, "renegotiation" ) == 0 )
{ {
opt.renegotiation = (atoi( q )) ? opt.renegotiation = (atoi( q )) ?
@ -1771,7 +1769,7 @@ int main( int argc, char *argv[] )
if( opt.exchanges < 0 ) if( opt.exchanges < 0 )
goto usage; goto usage;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( p, "tls13_kex_modes" ) == 0 ) else if( strcmp( p, "tls13_kex_modes" ) == 0 )
{ {
if( strcmp( q, "psk" ) == 0 ) if( strcmp( q, "psk" ) == 0 )
@ -1788,17 +1786,17 @@ int main( int argc, char *argv[] )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
else goto usage; else goto usage;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else if( strcmp( p, "min_version" ) == 0 ) else if( strcmp( p, "min_version" ) == 0 )
{ {
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
} }
@ -1807,10 +1805,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls12" ) == 0 || if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 ) strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
} }
@ -1836,13 +1834,13 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
else if( strcmp( q, "tls13" ) == 0 ) else if( strcmp( q, "tls13" ) == 0 )
{ {
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
else else
goto usage; goto usage;
} }
@ -2248,7 +2246,7 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL ) if( opt.sig_algs != NULL )
{ {
@ -2299,8 +2297,7 @@ int main( int argc, char *argv[] )
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE; sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL && #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
@ -2767,9 +2764,9 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes ); mbedtls_ssl_conf_tls13_key_exchange_modes( &conf, opt.tls13_kex_modes );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if( opt.allow_legacy != DFL_ALLOW_LEGACY ) if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
@ -2911,10 +2908,10 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( opt.sig_algs != NULL ) if( opt.sig_algs != NULL )
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)

400
tests/opt-testcases/tls13-compat.sh
View file

File diff suppressed because it is too large Load diff

56
tests/scripts/all.sh
View file

@ -1531,7 +1531,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
@ -1867,8 +1867,8 @@ component_build_psa_accel_alg_hkdf() {
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_HKDF_C
# Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver # Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
} }
@ -2724,69 +2724,69 @@ component_build_armcc () {
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
} }
component_test_tls13_experimental () { component_test_tls13 () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
make test make test
msg "ssl-opt.sh (TLS 1.3 experimental)" msg "ssl-opt.sh (TLS 1.3)"
if_build_succeeded tests/ssl-opt.sh if_build_succeeded tests/ssl-opt.sh
} }
component_test_tls13_experimental_no_compatibility_mode () { component_test_tls13_no_compatibility_mode () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
make test make test
msg "ssl-opt.sh (TLS 1.3 experimental)" msg "ssl-opt.sh (TLS 1.3 no compatibility mode)"
if_build_succeeded tests/ssl-opt.sh if_build_succeeded tests/ssl-opt.sh
} }
component_test_tls13_experimental_with_padding () { component_test_tls13_with_padding () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with padding" msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
make test make test
msg "ssl-opt.sh (TLS 1.3 experimental)" msg "ssl-opt.sh (TLS 1.3 with padding)"
if_build_succeeded tests/ssl-opt.sh if_build_succeeded tests/ssl-opt.sh
} }
component_test_tls13_experimental_with_ecp_restartable () { component_test_tls13_with_ecp_restartable () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_ECP_RESTARTABLE scripts/config.py set MBEDTLS_ECP_RESTARTABLE
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
make test make test
msg "ssl-opt.sh (TLS 1.3 experimental)" msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)"
if_build_succeeded tests/ssl-opt.sh if_build_succeeded tests/ssl-opt.sh
} }
component_test_tls13_experimental_with_everest () { component_test_tls13_with_everest () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
make test make test
msg "ssl-opt.sh (TLS 1.3 experimental)" msg "ssl-opt.sh (TLS 1.3 with everest)"
if_build_succeeded tests/ssl-opt.sh if_build_succeeded tests/ssl-opt.sh
} }

2
tests/scripts/generate_tls13_compat_tests.py
View file

@ -278,7 +278,7 @@ class MbedTLSCli(TLSProgram):
def pre_checks(self): def pre_checks(self):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C', ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_CLI_C', 'requires_config_enabled MBEDTLS_SSL_CLI_C',
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL', 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3',
'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO'] 'requires_config_disabled MBEDTLS_USE_PSA_CRYPTO']
if self._compat_mode: if self._compat_mode:

48
tests/ssl-opt.sh
View file

@ -1697,32 +1697,32 @@ run_test "SHA-256 allowed by default in client certificate" \
# Dummy TLS 1.3 test # Dummy TLS 1.3 test
# Currently only checking that passing TLS 1.3 key exchange modes to # Currently only checking that passing TLS 1.3 key exchange modes to
# ssl_client2/ssl_server2 example programs works. # ssl_client2/ssl_server2 example programs works.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \ run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \
"$P_SRV tls13_kex_modes=psk" \ "$P_SRV tls13_kex_modes=psk" \
"$P_CLI tls13_kex_modes=psk" \ "$P_CLI tls13_kex_modes=psk" \
0 0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \ run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \
"$P_SRV tls13_kex_modes=psk_ephemeral" \ "$P_SRV tls13_kex_modes=psk_ephemeral" \
"$P_CLI tls13_kex_modes=psk_ephemeral" \ "$P_CLI tls13_kex_modes=psk_ephemeral" \
0 0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \ run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \
"$P_SRV tls13_kex_modes=ephemeral" \ "$P_SRV tls13_kex_modes=ephemeral" \
"$P_CLI tls13_kex_modes=ephemeral" \ "$P_CLI tls13_kex_modes=ephemeral" \
0 0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \ run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \
"$P_SRV tls13_kex_modes=ephemeral_all" \ "$P_SRV tls13_kex_modes=ephemeral_all" \
"$P_CLI tls13_kex_modes=ephemeral_all" \ "$P_CLI tls13_kex_modes=ephemeral_all" \
0 0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \ run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \
"$P_SRV tls13_kex_modes=psk_all" \ "$P_SRV tls13_kex_modes=psk_all" \
"$P_CLI tls13_kex_modes=psk_all" \ "$P_CLI tls13_kex_modes=psk_all" \
0 0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All" \ run_test "TLS 1.3, key exchange mode parameter passing: All" \
"$P_SRV tls13_kex_modes=all" \ "$P_SRV tls13_kex_modes=all" \
"$P_CLI tls13_kex_modes=all" \ "$P_CLI tls13_kex_modes=all" \
@ -8790,7 +8790,7 @@ run_test "TLS 1.3: Test gnutls tls1_3 feature" \
# TLS1.3 test cases # TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved. # TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
skip_handshake_stage_check skip_handshake_stage_check
run_test "TLS 1.3: Not supported version check: tls12 and tls13" \ run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
"$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \ "$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
@ -8802,7 +8802,7 @@ run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" -c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3: handshake dispatch test: tls13 only" \ run_test "TLS 1.3: handshake dispatch test: tls13 only" \
"$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \ "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
"$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \ "$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
@ -8811,7 +8811,7 @@ run_test "TLS 1.3: handshake dispatch test: tls13 only" \
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST" -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -8844,7 +8844,7 @@ run_test "TLS 1.3: minimal feature sets - openssl" \
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -8876,7 +8876,7 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check skip_handshake_stage_check
@ -8890,7 +8890,7 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
-S "Version: TLS1.0" \ -S "Version: TLS1.0" \
-C "Protocol is TLSv1.0" -C "Protocol is TLSv1.0"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check skip_handshake_stage_check
@ -8904,7 +8904,7 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
-S "Version: TLS1.1" \ -S "Version: TLS1.1" \
-C "Protocol is TLSv1.1" -C "Protocol is TLSv1.1"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check skip_handshake_stage_check
@ -8918,7 +8918,7 @@ run_test "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
-S "Version: TLS1.2" \ -S "Version: TLS1.2" \
-C "Protocol is TLSv1.2" -C "Protocol is TLSv1.2"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check skip_handshake_stage_check
@ -8932,7 +8932,7 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
-S "Version: TLS1.0" \ -S "Version: TLS1.0" \
-C "Protocol : TLSv1.0" -C "Protocol : TLSv1.0"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check skip_handshake_stage_check
@ -8946,7 +8946,7 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
-S "Version: TLS1.1" \ -S "Version: TLS1.1" \
-C "Protocol : TLSv1.1" -C "Protocol : TLSv1.1"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check skip_handshake_stage_check
@ -8961,7 +8961,7 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
-C "Protocol : TLSv1.2" -C "Protocol : TLSv1.2"
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -8974,7 +8974,7 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -8985,7 +8985,7 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \
1 \ 1 \
-c "CertificateRequest not supported" -c "CertificateRequest not supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -9001,7 +9001,7 @@ run_test "TLS 1.3: HelloRetryRequest check - openssl" \
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -9021,7 +9021,7 @@ do
done done
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -9033,7 +9033,7 @@ run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
-c "HTTP/1.0 200 ok" -c "HTTP/1.0 200 ok"
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -9047,7 +9047,7 @@ run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -9060,7 +9060,7 @@ run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C

2
tests/suites/test_suite_mps.function
View file

@ -20,7 +20,7 @@
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL * depends_on:MBEDTLS_SSL_PROTO_TLS1_3
* END_DEPENDENCIES * END_DEPENDENCIES
*/ */

30
tests/suites/test_suite_ssl.data
View file

@ -2363,7 +2363,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, AES-128-GCM, 1.3 Record crypt, AES-128-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, AES-128-GCM, 1.2, CID 4+4 Record crypt, AES-128-GCM, 1.2, CID 4+4
@ -2391,7 +2391,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, AES-192-GCM, 1.3 Record crypt, AES-192-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, AES-192-GCM, 1.2, CID 4+4 Record crypt, AES-192-GCM, 1.2, CID 4+4
@ -2419,7 +2419,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, AES-256-GCM, 1.3 Record crypt, AES-256-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, AES-256-GCM, 1.2, CID 4+4 Record crypt, AES-256-GCM, 1.2, CID 4+4
@ -2519,7 +2519,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, AES-128-CCM, 1.3 Record crypt, AES-128-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, AES-128-CCM, 1.2, CID 4+4 Record crypt, AES-128-CCM, 1.2, CID 4+4
@ -2547,7 +2547,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, AES-192-CCM, 1.3 Record crypt, AES-192-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, AES-192-CCM, 1.2, CID 4+4 Record crypt, AES-192-CCM, 1.2, CID 4+4
@ -2575,7 +2575,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, AES-256-CCM, 1.3 Record crypt, AES-256-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, AES-256-CCM, 1.2, CID 4+4 Record crypt, AES-256-CCM, 1.2, CID 4+4
@ -2739,7 +2739,7 @@ depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, ChachaPoly, 1.3 Record crypt, ChachaPoly, 1.3
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, ChachaPoly Record crypt, little space, ChachaPoly
@ -2747,7 +2747,7 @@ depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, ChachaPoly, 1.3 Record crypt, little space, ChachaPoly, 1.3
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, ChachaPoly, CID 4+4 Record crypt, little space, ChachaPoly, CID 4+4
@ -4491,7 +4491,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, AES-128-GCM, 1.3 Record crypt, little space, AES-128-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, AES-128-GCM, 1.2, CID 4+4 Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
@ -4519,7 +4519,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, AES-192-GCM, 1.3 Record crypt, little space, AES-192-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, AES-192-GCM, 1.2, CID 4+4 Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
@ -4547,7 +4547,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, AES-256-GCM, 1.3 Record crypt, little space, AES-256-GCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, AES-256-GCM, 1.2, CID 4+4 Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
@ -4647,7 +4647,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, AES-128-CCM, 1.3 Record crypt, little space, AES-128-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, AES-128-CCM, 1.2, CID 4+4 Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
@ -4675,7 +4675,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, AES-192-CCM, 1.3 Record crypt, little space, AES-192-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, AES-192-CCM, 1.2, CID 4+4 Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
@ -4703,7 +4703,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
Record crypt, little space, AES-256-CCM, 1.3 Record crypt, little space, AES-256-CCM, 1.3
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0
Record crypt, little space, AES-256-CCM, 1.2, CID 4+4 Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
@ -5889,7 +5889,7 @@ ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255
SSL TLS 1.3 Key schedule: Secret evolution #1 SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret # Initial secret to Early Secret
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL depends_on:MBEDTLS_SSL_PROTO_TLS1_3
ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
SSL TLS 1.3 Key schedule: Secret evolution #2 SSL TLS 1.3 Key schedule: Secret evolution #2

32
tests/suites/test_suite_ssl.function
View file

@ -1323,14 +1323,14 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
{ {
case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM: case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
t_out->fixed_ivlen = 12; t_out->fixed_ivlen = 12;
t_in->fixed_ivlen = 12; t_in->fixed_ivlen = 12;
} }
else else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{ {
t_out->fixed_ivlen = 4; t_out->fixed_ivlen = 4;
t_in->fixed_ivlen = 4; t_in->fixed_ivlen = 4;
@ -3254,7 +3254,7 @@ void ssl_crypt_record( int cipher_type, int hash_id,
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
/* TLS 1.3 hides the real content type and /* TLS 1.3 hides the real content type and
@ -3262,7 +3262,7 @@ void ssl_crypt_record( int cipher_type, int hash_id,
* for protected records. Double-check this. */ * for protected records. Double-check this. */
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA ); TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Decrypt record with t_dec */ /* Decrypt record with t_dec */
ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ); ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
@ -3418,7 +3418,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
/* TLS 1.3 hides the real content type and /* TLS 1.3 hides the real content type and
@ -3426,7 +3426,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
* for protected records. Double-check this. */ * for protected records. Double-check this. */
TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA ); TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Decrypt record with t_dec */ /* Decrypt record with t_dec */
TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 ); TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
@ -3669,7 +3669,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_hkdf_expand_label( int hash_alg, void ssl_tls13_hkdf_expand_label( int hash_alg,
data_t *secret, data_t *secret,
int label_idx, int label_idx,
@ -3707,7 +3707,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_traffic_key_generation( int hash_alg, void ssl_tls13_traffic_key_generation( int hash_alg,
data_t *server_secret, data_t *server_secret,
data_t *client_secret, data_t *client_secret,
@ -3754,7 +3754,7 @@ void ssl_tls13_traffic_key_generation( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_derive_secret( int hash_alg, void ssl_tls13_derive_secret( int hash_alg,
data_t *secret, data_t *secret,
int label_idx, int label_idx,
@ -3794,7 +3794,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_derive_early_secrets( int hash_alg, void ssl_tls13_derive_early_secrets( int hash_alg,
data_t *secret, data_t *secret,
data_t *transcript, data_t *transcript,
@ -3824,7 +3824,7 @@ void ssl_tls13_derive_early_secrets( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_derive_handshake_secrets( int hash_alg, void ssl_tls13_derive_handshake_secrets( int hash_alg,
data_t *secret, data_t *secret,
data_t *transcript, data_t *transcript,
@ -3854,7 +3854,7 @@ void ssl_tls13_derive_handshake_secrets( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_derive_application_secrets( int hash_alg, void ssl_tls13_derive_application_secrets( int hash_alg,
data_t *secret, data_t *secret,
data_t *transcript, data_t *transcript,
@ -3888,7 +3888,7 @@ void ssl_tls13_derive_application_secrets( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_derive_resumption_secrets( int hash_alg, void ssl_tls13_derive_resumption_secrets( int hash_alg,
data_t *secret, data_t *secret,
data_t *transcript, data_t *transcript,
@ -3914,7 +3914,7 @@ void ssl_tls13_derive_resumption_secrets( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_create_psk_binder( int hash_alg, void ssl_tls13_create_psk_binder( int hash_alg,
data_t *psk, data_t *psk,
int psk_type, int psk_type,
@ -3944,7 +3944,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_record_protection( int ciphersuite, void ssl_tls13_record_protection( int ciphersuite,
int endpoint, int endpoint,
int ctr, int ctr,
@ -4042,7 +4042,7 @@ void ssl_tls13_record_protection( int ciphersuite,
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_key_evolution( int hash_alg, void ssl_tls13_key_evolution( int hash_alg,
data_t *secret, data_t *secret,
data_t *input, data_t *input,