Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
41a443a68d
commit
e68ab4f55e
8 changed files with 133 additions and 128 deletions
|
@ -1444,13 +1444,13 @@ struct mbedtls_ssl_config
|
||||||
void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
|
void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
|
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
|
||||||
#endif
|
#endif
|
||||||
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
|
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
|
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
|
||||||
|
@ -3598,7 +3598,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||||
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
|
||||||
const uint16_t *groups );
|
const uint16_t *groups );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/**
|
/**
|
||||||
* \brief Set the allowed hashes for signatures during the handshake.
|
* \brief Set the allowed hashes for signatures during the handshake.
|
||||||
|
@ -3644,7 +3644,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||||
const uint16_t* sig_algs );
|
const uint16_t* sig_algs );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -292,6 +292,11 @@ typedef enum {
|
||||||
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
|
||||||
|
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||||
|
#define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Key exchanges allowing client certificate requests */
|
/* Key exchanges allowing client certificate requests */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
|
|
|
@ -608,7 +608,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if(
|
if(
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
( propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) ) ||
|
( propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) ) ||
|
||||||
|
@ -623,7 +623,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
|
||||||
return( ret );
|
return( ret );
|
||||||
p += output_len;
|
p += output_len;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( propose_tls12 )
|
if( propose_tls12 )
|
||||||
|
|
|
@ -245,7 +245,7 @@
|
||||||
|
|
||||||
#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
|
#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
|
||||||
#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
|
#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
|
||||||
|
|
||||||
|
@ -255,7 +255,7 @@
|
||||||
#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8)
|
#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8)
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check that we obey the standard's message size bounds
|
* Check that we obey the standard's message size bounds
|
||||||
|
@ -629,7 +629,7 @@ struct mbedtls_ssl_handshake_params
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE];
|
uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -862,7 +862,7 @@ struct mbedtls_ssl_handshake_params
|
||||||
represents an extension and defined
|
represents an extension and defined
|
||||||
as \c MBEDTLS_SSL_EXT_XXX */
|
as \c MBEDTLS_SSL_EXT_XXX */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
unsigned char certificate_request_context_len;
|
unsigned char certificate_request_context_len;
|
||||||
unsigned char *certificate_request_context;
|
unsigned char *certificate_request_context;
|
||||||
#endif
|
#endif
|
||||||
|
@ -1918,7 +1918,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Parse TLS Signature Algorithm extension
|
* Parse TLS Signature Algorithm extension
|
||||||
*/
|
*/
|
||||||
|
@ -1926,7 +1926,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
const unsigned char *end );
|
const unsigned char *end );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/* Get handshake transcript */
|
/* Get handshake transcript */
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
@ -2046,7 +2046,7 @@ static inline int mbedtls_ssl_named_group_is_supported( uint16_t named_group )
|
||||||
static inline const void *mbedtls_ssl_get_sig_algs(
|
static inline const void *mbedtls_ssl_get_sig_algs(
|
||||||
const mbedtls_ssl_context *ssl )
|
const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
if( ssl->handshake != NULL &&
|
if( ssl->handshake != NULL &&
|
||||||
|
@ -2058,11 +2058,11 @@ static inline const void *mbedtls_ssl_get_sig_algs(
|
||||||
#endif
|
#endif
|
||||||
return( ssl->conf->sig_algs );
|
return( ssl->conf->sig_algs );
|
||||||
|
|
||||||
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
return( NULL );
|
return( NULL );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||||
|
@ -2153,7 +2153,7 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
|
||||||
mbedtls_pk_context *key );
|
mbedtls_pk_context *key );
|
||||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
|
static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
|
||||||
uint16_t proposed_sig_alg )
|
uint16_t proposed_sig_alg )
|
||||||
{
|
{
|
||||||
|
@ -2292,7 +2292,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
|
||||||
((void) sig_alg);
|
((void) sig_alg);
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
|
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
|
||||||
|
|
|
@ -843,7 +843,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/* Heap allocate and translate sig_hashes from internal hash identifiers to
|
/* Heap allocate and translate sig_hashes from internal hash identifiers to
|
||||||
|
@ -909,7 +909,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
ssl->handshake->sig_algs_heap_allocated = 0;
|
ssl->handshake->sig_algs_heap_allocated = 0;
|
||||||
}
|
}
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2395,7 +2395,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/*
|
/*
|
||||||
* Set allowed/preferred hashes for handshake signatures
|
* Set allowed/preferred hashes for handshake signatures
|
||||||
|
@ -2416,7 +2416,7 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
conf->sig_algs = sig_algs;
|
conf->sig_algs = sig_algs;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
|
@ -3587,7 +3587,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
if ( ssl->handshake->sig_algs_heap_allocated )
|
if ( ssl->handshake->sig_algs_heap_allocated )
|
||||||
mbedtls_free( (void*) handshake->sig_algs );
|
mbedtls_free( (void*) handshake->sig_algs );
|
||||||
|
@ -3599,7 +3599,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_free( (void*) handshake->certificate_request_context );
|
mbedtls_free( (void*) handshake->certificate_request_context );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||||
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
|
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
|
||||||
|
@ -4465,7 +4465,7 @@ static int ssl_preset_suiteb_ciphersuites[] = {
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
|
||||||
/* NOTICE:
|
/* NOTICE:
|
||||||
* For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following
|
* For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following
|
||||||
|
@ -4610,7 +4610,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
static uint16_t ssl_preset_suiteb_groups[] = {
|
static uint16_t ssl_preset_suiteb_groups[] = {
|
||||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||||
|
@ -4622,7 +4622,7 @@ static uint16_t ssl_preset_suiteb_groups[] = {
|
||||||
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
|
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
|
||||||
};
|
};
|
||||||
|
|
||||||
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
|
/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
|
||||||
* to make sure there are no duplicated signature algorithm entries. */
|
* to make sure there are no duplicated signature algorithm entries. */
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
@ -4646,7 +4646,7 @@ static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Load default in mbedtls_ssl_config
|
* Load default in mbedtls_ssl_config
|
||||||
|
@ -4658,7 +4658,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( ssl_check_no_sig_alg_duplication( ssl_preset_suiteb_sig_algs ) )
|
if( ssl_check_no_sig_alg_duplication( ssl_preset_suiteb_sig_algs ) )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" );
|
mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" );
|
||||||
|
@ -4684,7 +4684,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
|
return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/* Use the functions here so that they are covered in tests,
|
/* Use the functions here so that they are covered in tests,
|
||||||
* but otherwise access member directly for efficiency */
|
* but otherwise access member directly for efficiency */
|
||||||
|
@ -4815,14 +4815,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
|
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
|
||||||
conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
|
conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
conf->sig_algs = ssl_preset_suiteb_sig_algs;
|
conf->sig_algs = ssl_preset_suiteb_sig_algs;
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
conf->curve_list = NULL;
|
conf->curve_list = NULL;
|
||||||
|
@ -4841,14 +4841,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
|
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
|
||||||
conf->sig_algs = ssl_tls12_preset_default_sig_algs;
|
conf->sig_algs = ssl_tls12_preset_default_sig_algs;
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
conf->sig_algs = ssl_preset_default_sig_algs;
|
conf->sig_algs = ssl_preset_default_sig_algs;
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
conf->curve_list = NULL;
|
conf->curve_list = NULL;
|
||||||
|
@ -5274,7 +5274,7 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/* mbedtls_ssl_parse_sig_alg_ext()
|
/* mbedtls_ssl_parse_sig_alg_ext()
|
||||||
*
|
*
|
||||||
* The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
|
* The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
|
||||||
|
@ -5382,7 +5382,7 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
|
||||||
|
@ -8588,7 +8588,7 @@ int mbedtls_ssl_validate_ciphersuite(
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Function for writing a signature algorithm extension.
|
* Function for writing a signature algorithm extension.
|
||||||
*
|
*
|
||||||
|
@ -8691,7 +8691,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -120,7 +120,7 @@ int main( void )
|
||||||
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
||||||
#define GET_REQUEST_END "\r\n\r\n"
|
#define GET_REQUEST_END "\r\n\r\n"
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_CONTEXT_CRT_CB \
|
#define USAGE_CONTEXT_CRT_CB \
|
||||||
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
|
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
|
||||||
" to the SSL configuration of the SSL context.\n" \
|
" to the SSL configuration of the SSL context.\n" \
|
||||||
|
@ -129,8 +129,8 @@ int main( void )
|
||||||
" - 1: Use CRT callback bound to SSL context\n"
|
" - 1: Use CRT callback bound to SSL context\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_CONTEXT_CRT_CB ""
|
#define USAGE_CONTEXT_CRT_CB ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
|
@ -148,10 +148,10 @@ int main( void )
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" No file operations available (MBEDTLS_FS_IO not defined)\n"
|
" No file operations available (MBEDTLS_FS_IO not defined)\n"
|
||||||
#endif /* MBEDTLS_FS_IO */
|
#endif /* MBEDTLS_FS_IO */
|
||||||
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_KEY_OPAQUE \
|
#define USAGE_KEY_OPAQUE \
|
||||||
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
||||||
" default: 0 (disabled)\n"
|
" default: 0 (disabled)\n"
|
||||||
|
@ -269,7 +269,7 @@ int main( void )
|
||||||
#define USAGE_CURVES ""
|
#define USAGE_CURVES ""
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_SIG_ALGS \
|
#define USAGE_SIG_ALGS \
|
||||||
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
||||||
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
|
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
|
||||||
|
@ -540,7 +540,7 @@ struct options
|
||||||
|
|
||||||
#include "ssl_test_common_source.c"
|
#include "ssl_test_common_source.c"
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
static unsigned char peer_crt_info[1024];
|
static unsigned char peer_crt_info[1024];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -578,7 +578,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt,
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
int report_cid_usage( mbedtls_ssl_context *ssl,
|
int report_cid_usage( mbedtls_ssl_context *ssl,
|
||||||
|
@ -718,7 +718,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_net_context server_fd;
|
mbedtls_net_context server_fd;
|
||||||
io_ctx_t io_ctx;
|
io_ctx_t io_ctx;
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -775,7 +775,7 @@ int main( int argc, char *argv[] )
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_timing_delay_context timer;
|
mbedtls_timing_delay_context timer;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
uint32_t flags;
|
uint32_t flags;
|
||||||
mbedtls_x509_crt cacert;
|
mbedtls_x509_crt cacert;
|
||||||
mbedtls_x509_crt clicert;
|
mbedtls_x509_crt clicert;
|
||||||
|
@ -784,7 +784,7 @@ int main( int argc, char *argv[] )
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
char *p, *q;
|
char *p, *q;
|
||||||
const int *list;
|
const int *list;
|
||||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
|
@ -825,7 +825,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_config_init( &conf );
|
mbedtls_ssl_config_init( &conf );
|
||||||
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
|
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
|
||||||
rng_init( &rng );
|
rng_init( &rng );
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_init( &cacert );
|
mbedtls_x509_crt_init( &cacert );
|
||||||
mbedtls_x509_crt_init( &clicert );
|
mbedtls_x509_crt_init( &clicert );
|
||||||
mbedtls_pk_init( &pkey );
|
mbedtls_pk_init( &pkey );
|
||||||
|
@ -1025,7 +1025,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.key_file = q;
|
opt.key_file = q;
|
||||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||||
opt.key_pwd = q;
|
opt.key_pwd = q;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||||
opt.key_opaque = atoi( q );
|
opt.key_opaque = atoi( q );
|
||||||
#endif
|
#endif
|
||||||
|
@ -1163,7 +1163,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "curves" ) == 0 )
|
else if( strcmp( p, "curves" ) == 0 )
|
||||||
opt.curves = q;
|
opt.curves = q;
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
else if( strcmp( p, "sig_algs" ) == 0 )
|
else if( strcmp( p, "sig_algs" ) == 0 )
|
||||||
opt.sig_algs = q;
|
opt.sig_algs = q;
|
||||||
#endif
|
#endif
|
||||||
|
@ -1569,7 +1569,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( opt.sig_algs != NULL )
|
if( opt.sig_algs != NULL )
|
||||||
{
|
{
|
||||||
p = (char *) opt.sig_algs;
|
p = (char *) opt.sig_algs;
|
||||||
|
@ -1668,7 +1668,7 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
|
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
if( opt.alpn_string != NULL )
|
if( opt.alpn_string != NULL )
|
||||||
|
@ -1701,7 +1701,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 1.1. Load the trusted CA
|
* 1.1. Load the trusted CA
|
||||||
*/
|
*/
|
||||||
|
@ -1823,7 +1823,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " ok (key type: %s)\n",
|
mbedtls_printf( " ok (key type: %s)\n",
|
||||||
strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
|
strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
|
||||||
mbedtls_pk_get_name( &pkey ) : "none" );
|
mbedtls_pk_get_name( &pkey ) : "none" );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2. Setup stuff
|
* 2. Setup stuff
|
||||||
|
@ -1841,7 +1841,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/* The default algorithms profile disables SHA-1, but our tests still
|
/* The default algorithms profile disables SHA-1, but our tests still
|
||||||
rely on it heavily. */
|
rely on it heavily. */
|
||||||
if( opt.allow_sha1 > 0 )
|
if( opt.allow_sha1 > 0 )
|
||||||
|
@ -1854,7 +1854,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
||||||
|
|
||||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
|
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
|
||||||
|
@ -1991,7 +1991,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||||
strcmp( opt.ca_file, "none" ) != 0 )
|
strcmp( opt.ca_file, "none" ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -2012,7 +2012,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( opt.curves != NULL &&
|
if( opt.curves != NULL &&
|
||||||
|
@ -2022,7 +2022,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( opt.sig_algs != NULL )
|
if( opt.sig_algs != NULL )
|
||||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||||
#endif
|
#endif
|
||||||
|
@ -2099,7 +2099,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
||||||
|
@ -2122,10 +2122,10 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( opt.context_crt_cb == 1 )
|
if( opt.context_crt_cb == 1 )
|
||||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
io_ctx.ssl = &ssl;
|
io_ctx.ssl = &ssl;
|
||||||
io_ctx.net = &server_fd;
|
io_ctx.net = &server_fd;
|
||||||
|
@ -2446,7 +2446,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 5. Verify the server certificate
|
* 5. Verify the server certificate
|
||||||
*/
|
*/
|
||||||
|
@ -2469,7 +2469,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " . Peer certificate information ...\n" );
|
mbedtls_printf( " . Peer certificate information ...\n" );
|
||||||
mbedtls_printf( "%s\n", peer_crt_info );
|
mbedtls_printf( "%s\n", peer_crt_info );
|
||||||
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
ret = report_cid_usage( &ssl, "initial handshake" );
|
ret = report_cid_usage( &ssl, "initial handshake" );
|
||||||
|
@ -2844,9 +2844,9 @@ send_request:
|
||||||
mbedtls_printf( " . Restarting connection from same port..." );
|
mbedtls_printf( " . Restarting connection from same port..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3080,9 +3080,9 @@ reconnect:
|
||||||
|
|
||||||
mbedtls_printf( " . Reconnecting with saved session..." );
|
mbedtls_printf( " . Reconnecting with saved session..." );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3186,14 +3186,14 @@ exit:
|
||||||
mbedtls_free( context_buf );
|
mbedtls_free( context_buf );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_free( &clicert );
|
mbedtls_x509_crt_free( &clicert );
|
||||||
mbedtls_x509_crt_free( &cacert );
|
mbedtls_x509_crt_free( &cacert );
|
||||||
mbedtls_pk_free( &pkey );
|
mbedtls_pk_free( &pkey );
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_destroy_key( key_slot );
|
psa_destroy_key( key_slot );
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
||||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
|
|
@ -175,7 +175,7 @@ int main( void )
|
||||||
*/
|
*/
|
||||||
#define DFL_IO_BUF_LEN 200
|
#define DFL_IO_BUF_LEN 200
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
|
@ -206,8 +206,8 @@ int main( void )
|
||||||
#endif /* MBEDTLS_FS_IO */
|
#endif /* MBEDTLS_FS_IO */
|
||||||
#else
|
#else
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_KEY_OPAQUE \
|
#define USAGE_KEY_OPAQUE \
|
||||||
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
||||||
" default: 0 (disabled)\n"
|
" default: 0 (disabled)\n"
|
||||||
|
@ -435,7 +435,7 @@ int main( void )
|
||||||
#define USAGE_CURVES ""
|
#define USAGE_CURVES ""
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_SIG_ALGS \
|
#define USAGE_SIG_ALGS \
|
||||||
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
|
||||||
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
|
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
|
||||||
|
@ -1113,7 +1113,7 @@ typedef struct
|
||||||
unsigned remaining_delay;
|
unsigned remaining_delay;
|
||||||
} ssl_async_operation_context_t;
|
} ssl_async_operation_context_t;
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
|
||||||
/* Note that ssl_async_operation_type_t and the array below need to be kept in sync!
|
/* Note that ssl_async_operation_type_t and the array below need to be kept in sync!
|
||||||
* `ssl_async_operation_names[op]` is the name of op for each value `op`
|
* `ssl_async_operation_names[op]` is the name of op for each value `op`
|
||||||
|
@ -1276,7 +1276,7 @@ static void ssl_async_cancel( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_printf( "Async cancel callback.\n" );
|
mbedtls_printf( "Async cancel callback.\n" );
|
||||||
mbedtls_free( ctx );
|
mbedtls_free( ctx );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
@ -1455,7 +1455,7 @@ int main( int argc, char *argv[] )
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
unsigned char renego_period[8] = { 0 };
|
unsigned char renego_period[8] = { 0 };
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
uint32_t flags;
|
uint32_t flags;
|
||||||
mbedtls_x509_crt cacert;
|
mbedtls_x509_crt cacert;
|
||||||
mbedtls_x509_crt srvcert;
|
mbedtls_x509_crt srvcert;
|
||||||
|
@ -1468,7 +1468,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||||
#endif
|
#endif
|
||||||
int key_cert_init = 0, key_cert_init2 = 0;
|
int key_cert_init = 0, key_cert_init2 = 0;
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||||
ssl_async_key_context_t ssl_async_keys;
|
ssl_async_key_context_t ssl_async_keys;
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
@ -1505,7 +1505,7 @@ int main( int argc, char *argv[] )
|
||||||
size_t context_buf_len = 0;
|
size_t context_buf_len = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1552,7 +1552,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_init( &ssl );
|
mbedtls_ssl_init( &ssl );
|
||||||
mbedtls_ssl_config_init( &conf );
|
mbedtls_ssl_config_init( &conf );
|
||||||
rng_init( &rng );
|
rng_init( &rng );
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_init( &cacert );
|
mbedtls_x509_crt_init( &cacert );
|
||||||
mbedtls_x509_crt_init( &srvcert );
|
mbedtls_x509_crt_init( &srvcert );
|
||||||
mbedtls_pk_init( &pkey );
|
mbedtls_pk_init( &pkey );
|
||||||
|
@ -1781,7 +1781,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.key_file = q;
|
opt.key_file = q;
|
||||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||||
opt.key_pwd = q;
|
opt.key_pwd = q;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||||
opt.key_opaque = atoi( q );
|
opt.key_opaque = atoi( q );
|
||||||
#endif
|
#endif
|
||||||
|
@ -1865,7 +1865,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "curves" ) == 0 )
|
else if( strcmp( p, "curves" ) == 0 )
|
||||||
opt.curves = q;
|
opt.curves = q;
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
else if( strcmp( p, "sig_algs" ) == 0 )
|
else if( strcmp( p, "sig_algs" ) == 0 )
|
||||||
opt.sig_algs = q;
|
opt.sig_algs = q;
|
||||||
#endif
|
#endif
|
||||||
|
@ -2451,7 +2451,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( opt.sig_algs != NULL )
|
if( opt.sig_algs != NULL )
|
||||||
{
|
{
|
||||||
p = (char *) opt.sig_algs;
|
p = (char *) opt.sig_algs;
|
||||||
|
@ -2583,7 +2583,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 1.1. Load the trusted CA
|
* 1.1. Load the trusted CA
|
||||||
*/
|
*/
|
||||||
|
@ -2791,7 +2791,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " ok (key types: %s, %s)\n",
|
mbedtls_printf( " ok (key types: %s, %s)\n",
|
||||||
key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none",
|
key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none",
|
||||||
key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
|
key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||||
if( opt.dhm_file != NULL )
|
if( opt.dhm_file != NULL )
|
||||||
|
@ -2841,7 +2841,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/* The default algorithms profile disables SHA-1, but our tests still
|
/* The default algorithms profile disables SHA-1, but our tests still
|
||||||
rely on it heavily. Hence we allow it here. A real-world server
|
rely on it heavily. Hence we allow it here. A real-world server
|
||||||
should use the default profile unless there is a good reason not to. */
|
should use the default profile unless there is a good reason not to. */
|
||||||
|
@ -2851,7 +2851,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
|
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
|
||||||
mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
|
mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||||
|
@ -3102,7 +3102,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||||
strcmp( opt.ca_file, "none" ) != 0 )
|
strcmp( opt.ca_file, "none" ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3191,7 +3191,7 @@ int main( int argc, char *argv[] )
|
||||||
&ssl_async_keys );
|
&ssl_async_keys );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(SNI_OPTION)
|
#if defined(SNI_OPTION)
|
||||||
if( opt.sni != NULL )
|
if( opt.sni != NULL )
|
||||||
|
@ -3228,7 +3228,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( opt.sig_algs != NULL )
|
if( opt.sig_algs != NULL )
|
||||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||||
#endif
|
#endif
|
||||||
|
@ -3542,7 +3542,7 @@ handshake:
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||||
{
|
{
|
||||||
char vrfy_buf[512];
|
char vrfy_buf[512];
|
||||||
|
@ -3597,7 +3597,7 @@ handshake:
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 5. Verify the client certificate
|
* 5. Verify the client certificate
|
||||||
*/
|
*/
|
||||||
|
@ -3626,7 +3626,7 @@ handshake:
|
||||||
mbedtls_printf( "%s\n", crt_buf );
|
mbedtls_printf( "%s\n", crt_buf );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_X509_REMOVE_INFO */
|
#endif /* MBEDTLS_X509_REMOVE_INFO */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( opt.eap_tls != 0 )
|
if( opt.eap_tls != 0 )
|
||||||
{
|
{
|
||||||
|
@ -4320,7 +4320,7 @@ exit:
|
||||||
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_free( &cacert );
|
mbedtls_x509_crt_free( &cacert );
|
||||||
mbedtls_x509_crt_free( &srvcert );
|
mbedtls_x509_crt_free( &srvcert );
|
||||||
mbedtls_pk_free( &pkey );
|
mbedtls_pk_free( &pkey );
|
||||||
|
|
|
@ -31,7 +31,7 @@ typedef struct log_pattern
|
||||||
size_t counter;
|
size_t counter;
|
||||||
} log_pattern;
|
} log_pattern;
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
static int rng_seed = 0xBEEF;
|
static int rng_seed = 0xBEEF;
|
||||||
static int rng_get( void *p_rng, unsigned char *output, size_t output_len )
|
static int rng_get( void *p_rng, unsigned char *output, size_t output_len )
|
||||||
{
|
{
|
||||||
|
@ -103,7 +103,7 @@ typedef struct handshake_test_options
|
||||||
|
|
||||||
void init_handshake_options( handshake_test_options *opts )
|
void init_handshake_options( handshake_test_options *opts )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
srand( rng_seed );
|
srand( rng_seed );
|
||||||
rng_seed += 0xD0;
|
rng_seed += 0xD0;
|
||||||
#endif
|
#endif
|
||||||
|
@ -790,7 +790,7 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
|
||||||
return msg_len;
|
return msg_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Structure with endpoint's certificates for SSL communication tests.
|
* Structure with endpoint's certificates for SSL communication tests.
|
||||||
|
@ -1178,7 +1178,7 @@ int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
|
||||||
return ( max_steps >= 0 ) ? ret : -1;
|
return ( max_steps >= 0 ) ? ret : -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write application data. Increase write counter if necessary.
|
* Write application data. Increase write counter if necessary.
|
||||||
|
@ -1750,7 +1750,7 @@ static int ssl_tls12_populate_session( mbedtls_ssl_session *session,
|
||||||
memset( session->id, 66, session->id_len );
|
memset( session->id, 66, session->id_len );
|
||||||
memset( session->master, 17, sizeof( session->master ) );
|
memset( session->master, 17, sizeof( session->master ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
|
||||||
if( crt_file != NULL && strlen( crt_file ) != 0 )
|
if( crt_file != NULL && strlen( crt_file ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_x509_crt tmp_crt;
|
mbedtls_x509_crt tmp_crt;
|
||||||
|
@ -1801,9 +1801,9 @@ static int ssl_tls12_populate_session( mbedtls_ssl_session *session,
|
||||||
|
|
||||||
mbedtls_x509_crt_free( &tmp_crt );
|
mbedtls_x509_crt_free( &tmp_crt );
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
|
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
|
||||||
(void) crt_file;
|
(void) crt_file;
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
|
||||||
session->verify_result = 0xdeadbeef;
|
session->verify_result = 0xdeadbeef;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
@ -2029,7 +2029,7 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
|
||||||
ssl_2, 256, 1 );
|
ssl_2, 256, 1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version,
|
static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version,
|
||||||
const mbedtls_ssl_context *ssl )
|
const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
@ -2066,10 +2066,10 @@ static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_v
|
||||||
exit:
|
exit:
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
void perform_handshake( handshake_test_options *options )
|
void perform_handshake( handshake_test_options *options )
|
||||||
{
|
{
|
||||||
/* forced_ciphersuite needs to last until the end of the handshake */
|
/* forced_ciphersuite needs to last until the end of the handshake */
|
||||||
|
@ -2467,7 +2467,7 @@ exit:
|
||||||
#endif
|
#endif
|
||||||
USE_PSA_DONE( );
|
USE_PSA_DONE( );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_TEST_HOOKS)
|
#if defined(MBEDTLS_TEST_HOOKS)
|
||||||
/*
|
/*
|
||||||
|
@ -3685,7 +3685,7 @@ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
|
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
|
@ -4752,7 +4752,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file,
|
||||||
TEST_ASSERT( memcmp( original.master,
|
TEST_ASSERT( memcmp( original.master,
|
||||||
restored.master, sizeof( original.master ) ) == 0 );
|
restored.master, sizeof( original.master ) ) == 0 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
TEST_ASSERT( ( original.peer_cert == NULL ) ==
|
TEST_ASSERT( ( original.peer_cert == NULL ) ==
|
||||||
( restored.peer_cert == NULL ) );
|
( restored.peer_cert == NULL ) );
|
||||||
|
@ -4778,7 +4778,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file,
|
||||||
original.peer_cert_digest_len ) == 0 );
|
original.peer_cert_digest_len ) == 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
TEST_ASSERT( original.verify_result == restored.verify_result );
|
TEST_ASSERT( original.verify_result == restored.verify_result );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
|
@ -5100,7 +5100,7 @@ void ssl_session_serialize_version_check( int corrupt_major,
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void mbedtls_endpoint_sanity( int endpoint_type )
|
void mbedtls_endpoint_sanity( int endpoint_type )
|
||||||
{
|
{
|
||||||
enum { BUFFSIZE = 1024 };
|
enum { BUFFSIZE = 1024 };
|
||||||
|
@ -5127,7 +5127,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
||||||
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
|
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
|
||||||
{
|
{
|
||||||
enum { BUFFSIZE = 1024 };
|
enum { BUFFSIZE = 1024 };
|
||||||
|
@ -5183,7 +5183,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
||||||
void handshake_version( int dtls, int client_min_version, int client_max_version,
|
void handshake_version( int dtls, int client_min_version, int client_max_version,
|
||||||
int server_min_version, int server_max_version,
|
int server_min_version, int server_max_version,
|
||||||
int expected_negotiated_version )
|
int expected_negotiated_version )
|
||||||
|
@ -5208,7 +5208,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
|
void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
|
||||||
{
|
{
|
||||||
handshake_test_options options;
|
handshake_test_options options;
|
||||||
|
@ -5229,7 +5229,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void handshake_cipher( char* cipher, int pk_alg, int dtls )
|
void handshake_cipher( char* cipher, int pk_alg, int dtls )
|
||||||
{
|
{
|
||||||
test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
|
test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
|
||||||
|
@ -5239,7 +5239,7 @@ void handshake_cipher( char* cipher, int pk_alg, int dtls )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void handshake_ciphersuite_select( char* cipher, int pk_alg, data_t *psk_str,
|
void handshake_ciphersuite_select( char* cipher, int pk_alg, data_t *psk_str,
|
||||||
int psa_alg, int psa_alg2, int psa_usage,
|
int psa_alg, int psa_alg2, int psa_usage,
|
||||||
int expected_handshake_result,
|
int expected_handshake_result,
|
||||||
|
@ -5266,7 +5266,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
|
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
|
||||||
int expected_cli_fragments,
|
int expected_cli_fragments,
|
||||||
int expected_srv_fragments, int dtls )
|
int expected_srv_fragments, int dtls )
|
||||||
|
@ -5294,7 +5294,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
||||||
void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
|
void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
|
||||||
int expected_cli_fragments,
|
int expected_cli_fragments,
|
||||||
int expected_srv_fragments )
|
int expected_srv_fragments )
|
||||||
|
@ -5306,7 +5306,7 @@ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
|
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
|
||||||
int expected_cli_fragments,
|
int expected_cli_fragments,
|
||||||
int expected_srv_fragments )
|
int expected_srv_fragments )
|
||||||
|
@ -5318,7 +5318,7 @@ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void handshake_serialization( )
|
void handshake_serialization( )
|
||||||
{
|
{
|
||||||
handshake_test_options options;
|
handshake_test_options options;
|
||||||
|
@ -5334,7 +5334,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
|
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
|
||||||
{
|
{
|
||||||
handshake_test_options options;
|
handshake_test_options options;
|
||||||
|
@ -5373,7 +5373,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void renegotiation( int legacy_renegotiation )
|
void renegotiation( int legacy_renegotiation )
|
||||||
{
|
{
|
||||||
handshake_test_options options;
|
handshake_test_options options;
|
||||||
|
@ -5392,7 +5392,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
||||||
int serialize, int dtls, char *cipher )
|
int serialize, int dtls, char *cipher )
|
||||||
{
|
{
|
||||||
|
@ -5416,7 +5416,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void resize_buffers_serialize_mfl( int mfl )
|
void resize_buffers_serialize_mfl( int mfl )
|
||||||
{
|
{
|
||||||
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
||||||
|
@ -5427,7 +5427,7 @@ void resize_buffers_serialize_mfl( int mfl )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
|
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
|
||||||
char *cipher )
|
char *cipher )
|
||||||
{
|
{
|
||||||
|
@ -5828,7 +5828,7 @@ void conf_group()
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
void force_bad_session_id_len( )
|
void force_bad_session_id_len( )
|
||||||
{
|
{
|
||||||
enum { BUFFSIZE = 1024 };
|
enum { BUFFSIZE = 1024 };
|
||||||
|
@ -6015,7 +6015,7 @@ void cid_sanity( )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C */
|
||||||
void raw_key_agreement_fail( int bad_server_ecdhe_key )
|
void raw_key_agreement_fail( int bad_server_ecdhe_key )
|
||||||
{
|
{
|
||||||
enum { BUFFSIZE = 17000 };
|
enum { BUFFSIZE = 17000 };
|
||||||
|
@ -6086,7 +6086,7 @@ exit:
|
||||||
USE_PSA_DONE( );
|
USE_PSA_DONE( );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
void tls13_server_certificate_msg_invalid_vector_len( )
|
void tls13_server_certificate_msg_invalid_vector_len( )
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
Loading…
Reference in a new issue