mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-29 13:20:21 +00:00
tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
3cffc5ccb1
commit
37bdaab64f
@ -882,13 +882,6 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
|
||||
const mbedtls_ssl_config *conf = ssl->conf;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( mbedtls_ssl_conf_is_tls13_enabled( conf ) &&
|
||||
( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
if( mbedtls_ssl_conf_is_tls13_only( conf ) )
|
||||
{
|
||||
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
@ -896,6 +889,13 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
|
||||
return( 0 );
|
||||
}
|
||||
@ -917,6 +917,13 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -3212,5 +3212,123 @@ conf_curve:
|
||||
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
|
||||
conf_group:
|
||||
|
||||
Version config: valid client TLS 1.2 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:0
|
||||
|
||||
Version config: valid client DTLS 1.2 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:0
|
||||
|
||||
Version config: valid server TLS 1.2 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:0
|
||||
|
||||
Version config: valid server DTLS 1.2 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:0
|
||||
|
||||
Version config: invalid client TLS 1.2 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid client DTLS 1.2 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid server TLS 1.2 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid server DTLS 1.2 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: valid client TLS 1.3 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:0
|
||||
|
||||
Version config: unsupported client DTLS 1.3 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
Version config: unsupported server TLS 1.3 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
Version config: unsupported server DTLS 1.3 only
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
Version config: invalid client TLS 1.3 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid client DTLS 1.3 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid server TLS 1.3 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid server DTLS 1.3 only
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:4:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: valid client hybrid TLS 1.2/3
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:0
|
||||
|
||||
Version config: unsupported client hybrid DTLS 1.2/3
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
Version config: unsupported server hybrid TLS 1.2/3
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
Version config: unsupported server hybrid DTLS 1.2/3
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
Version config: valid client hybrid TLS 1.2/3, no TLS 1.2
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.2
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.2
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: valid client hybrid TLS 1.2/3, no TLS 1.3
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: unsupported server hybrid TLS 1.2/3, no TLS 1.3
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.3
|
||||
depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
|
||||
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:3:3:3:4:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid minimum version
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:2:3:3:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Version config: invalid maximum version
|
||||
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:3:4:3:5:MBEDTLS_ERR_SSL_BAD_CONFIG
|
||||
|
||||
Test accessor into timing_delay_context
|
||||
timing_final_delay_accessor
|
||||
|
@ -5369,6 +5369,30 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void conf_version( int endpoint, int transport,
|
||||
int min_version_major, int min_version_minor,
|
||||
int max_version_major, int max_version_minor,
|
||||
int expected_ssl_setup_result )
|
||||
{
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_ssl_context ssl;
|
||||
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
|
||||
mbedtls_ssl_conf_endpoint( &conf, endpoint );
|
||||
mbedtls_ssl_conf_transport( &conf, transport );
|
||||
mbedtls_ssl_conf_min_version( &conf, min_version_major, min_version_minor );
|
||||
mbedtls_ssl_conf_max_version( &conf, max_version_major, max_version_minor );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == expected_ssl_setup_result );
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
void conf_curve()
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user