From e0a6412d8ded518e0b38b8610b2bbc7d639b177a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Dec 2021 11:06:26 +0800 Subject: [PATCH 01/48] tls13_only: check_config pass Signed-off-by: Jerry Yu --- include/mbedtls/check_config.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d7cc7bcd64..c25ac0a885 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -643,7 +643,8 @@ #error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_TLS_C) && \ + !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) #error "MBEDTLS_SSL_TLS_C defined, but no protocols are active" #endif From c3091b1c8c0acb2152d931c508138600a6235fec Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Dec 2021 14:57:39 +0800 Subject: [PATCH 02/48] tls13_only: compile pass Signed-off-by: Jerry Yu --- library/ssl_cli.c | 2 ++ library/ssl_misc.h | 12 ++++++++---- library/ssl_srv.c | 16 +++++++++++----- library/ssl_tls.c | 33 ++++++++++++++++++++++++++++----- 4 files changed, 49 insertions(+), 14 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 694473f2b0..e5cd8ddbdb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2931,8 +2931,10 @@ start_processing: #endif mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void *rs_ctx = NULL; mbedtls_pk_context * peer_pk; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4d753c8b7e..9104a591bf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -79,7 +79,9 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4 +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 @@ -87,10 +89,14 @@ /* Determine maximum supported version */ #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4 +#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + + /* Shorthand for restartable ECC */ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ defined(MBEDTLS_SSL_CLI_C) && \ @@ -748,7 +754,6 @@ struct mbedtls_ssl_handshake_params /* * Checksum contexts */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha256_psa; @@ -763,7 +768,6 @@ struct mbedtls_ssl_handshake_params mbedtls_sha512_context fin_sha512; #endif #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) uint16_t offered_group_id; /* The NamedGroup value for the group diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 522e59e33b..f4bf5bff60 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2956,9 +2956,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->handshake->ciphersuite_info; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) unsigned char *dig_signed = NULL; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED && + MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ (void) ciphersuite_info; /* unused in some configurations */ @@ -3064,7 +3066,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) dig_signed = ssl->out_msg + ssl->out_msglen; #endif @@ -3130,7 +3133,8 @@ curve_matching_done: return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) dig_signed = ssl->out_msg + ssl->out_msglen; #endif @@ -3150,7 +3154,9 @@ curve_matching_done: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ size_t hashlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char hash[PSA_HASH_MAX_SIZE]; @@ -3165,7 +3171,7 @@ curve_matching_done: * to choose appropriate hash. */ - mbedtls_md_type_t md_alg; + mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_pk_type_t sig_alg = diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae6f635c99..24afbe4a43 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -632,6 +632,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + ((void) tls_prf); return( MBEDTLS_SSL_TLS_PRF_NONE ); } @@ -1121,8 +1122,11 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, int minor_ver, mbedtls_md_type_t hash ) { -#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C) +#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \ + !( defined(MBEDTLS_SHA384_C) || defined(MBEDTLS_SHA256_C) ) (void) hash; + (void) handshake; + (void) minor_ver; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -2001,9 +2005,8 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); return( 0 ); } - - return( -1 ); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + return( -1 ); } #endif /* MBEDTLS_SSL_SRV_C */ @@ -2458,6 +2461,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) { + ((void) ssl); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -2481,6 +2485,9 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { + ((void) ssl); + ((void) buf); + ((void) len); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -5198,6 +5205,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, return( ssl_session_save( session, 0, buf, buf_len, olen ) ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Deserialize session, see mbedtls_ssl_session_save() for format. * @@ -5402,6 +5410,7 @@ static int ssl_session_load_tls12( mbedtls_ssl_session *session, return( 0 ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ static int ssl_session_load( mbedtls_ssl_session *session, unsigned char omit_header, @@ -6212,6 +6221,10 @@ typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, unsigned char *dstbuf, size_t dlen ); static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +/* TODO: This function has some problem when + !MBEDTLS_SHA384_C && !MBEDTLS_SHA256_C && MBEDTLS_SHA512_C +*/ #if defined(MBEDTLS_SHA384_C) const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); @@ -6222,6 +6235,11 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) (void) ciphersuite_id; #endif return( tls_prf_sha256 ); +#else + ((void) ciphersuite_id); + return NULL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + } /* @@ -7593,16 +7611,21 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); -#endif /* MBEDTLS_SHA384_C */ +#endif /* MBEDTLS_SHA384_C && MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); -#endif /* MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_SHA256_C && MBEDTLS_SSL_PROTO_TLS1_2*/ default: break; } + ((void) ssl); + ((void) md); + ((void) dst); + ((void) dst_len); + ((void) olen); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From c10f6b4735716f0f1c2fc16371cf39e5581d9d2d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Dec 2021 17:16:42 +0800 Subject: [PATCH 03/48] tls13_only: simple test pass Signed-off-by: Jerry Yu --- library/ssl_tls.c | 59 ++++++++++++++++++++++++++--------------------- tests/ssl-opt.sh | 10 ++++++-- 2 files changed, 41 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 24afbe4a43..2d24cadfcb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -333,7 +333,7 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, @@ -574,11 +574,11 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen, label, random, rlen, dstbuf, dlen ) ); } #endif /* MBEDTLS_SHA384_C */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); @@ -590,7 +590,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned ch static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1129,7 +1129,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, (void) minor_ver; #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && hash == MBEDTLS_MD_SHA384 ) @@ -1149,7 +1149,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, } else #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -1366,7 +1366,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char *hash, @@ -1464,7 +1464,7 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, return; } #endif /* MBEDTLS_SHA384_C */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) @@ -2441,7 +2441,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, { ((void) ciphersuite_info); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) ssl->handshake->update_checksum = ssl_update_checksum_sha384; @@ -2452,7 +2452,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum = ssl_update_checksum_sha256; else #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return; @@ -2462,7 +2462,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) { ((void) ssl); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort( &ssl->handshake->fin_sha256_psa ); @@ -2479,7 +2479,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); #endif #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, @@ -2488,7 +2488,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) len); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); @@ -2503,10 +2503,10 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); #endif #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -2530,9 +2530,9 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #endif } #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) @@ -2684,7 +2684,7 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } #endif /* MBEDTLS_SHA384_C */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) { @@ -2974,7 +2974,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) { memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); @@ -2993,7 +2993,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); #endif #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ handshake->update_checksum = ssl_update_checksum_start; @@ -7582,8 +7582,11 @@ static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); mbedtls_sha256_init( &sha256 ); + // MBEDTLS_SSL_DEBUG_BUF(2,"ssl_get_handshake_transcript_sha256:sha256", &sha256, sizeof(sha256)); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - + // MBEDTLS_SSL_DEBUG_MSG(2,("ssl_get_handshake_transcript_sha256")); + // MBEDTLS_SSL_DEBUG_BUF(2,"ssl_get_handshake_transcript_sha256:sha256", &sha256, sizeof(sha256)); + // MBEDTLS_SSL_DEBUG_BUF(2,"ssl_get_handshake_transcript_sha256:ssl->handshake->fin_sha256", &ssl->handshake->fin_sha256, sizeof(ssl->handshake->fin_sha256)); if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret ); @@ -7605,18 +7608,21 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ) { + int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; switch( md ) { #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: - return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); -#endif /* MBEDTLS_SHA384_C && MBEDTLS_SSL_PROTO_TLS1_2 */ + ret = ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ; + break; +#endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: - return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); -#endif /* MBEDTLS_SHA256_C && MBEDTLS_SSL_PROTO_TLS1_2*/ + ret = ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ; + break; +#endif /* MBEDTLS_SHA256_C */ default: break; @@ -7626,7 +7632,8 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, ((void) dst); ((void) dst_len); ((void) olen); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + return( ret ); } #endif /* !MBEDTLS_USE_PSA_CRYPTO */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ddf831f1df..ce99388fb4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1703,31 +1703,37 @@ run_test "SHA-256 allowed by default in client certificate" \ # Dummy TLS 1.3 test # Currently only checking that passing TLS 1.3 key exchange modes to # ssl_client2/ssl_server2 example programs works. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \ - "$P_SRV tls13_kex_modes=psk" \ - "$P_CLI tls13_kex_modes=psk" \ + "$P_SRV tls13_kex_modes=psk debug_level=4" \ + "$P_CLI tls13_kex_modes=psk debug_level=4" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \ "$P_SRV tls13_kex_modes=psk_ephemeral" \ "$P_CLI tls13_kex_modes=psk_ephemeral" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \ "$P_SRV tls13_kex_modes=ephemeral" \ "$P_CLI tls13_kex_modes=ephemeral" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \ "$P_SRV tls13_kex_modes=ephemeral_all" \ "$P_CLI tls13_kex_modes=ephemeral_all" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \ "$P_SRV tls13_kex_modes=psk_all" \ "$P_CLI tls13_kex_modes=psk_all" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3, key exchange mode parameter passing: All" \ "$P_SRV tls13_kex_modes=all" \ From 8a497205ccc0094585a9f37f27339e4185194d85 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Dec 2021 17:28:52 +0800 Subject: [PATCH 04/48] tls13_only: tls 1.3 suite pass Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ce99388fb4..ec6b8fe744 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9039,7 +9039,6 @@ run_test "TLS 1.3: Not supported version check: tls12 and tls13" \ -s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \ -c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "TLS 1.3: handshake dispatch test: tls13 only" \ "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \ From ab08290c098301da4b8cda19044038d036984f29 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Dec 2021 18:02:22 +0800 Subject: [PATCH 05/48] tls13_only: skip tls12 tests. TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip them if it is not set Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 592 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 592 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ec6b8fe744..2aa2657cef 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1192,6 +1192,7 @@ run_test() { } run_test_psa() { + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSA-supported ciphersuite: $1" \ "$P_SRV debug_level=3 force_version=tls12" \ @@ -1211,6 +1212,7 @@ run_test_psa() { } run_test_psa_force_curve() { + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSA - ECDH with $1" \ "$P_SRV debug_level=4 force_version=tls12 curves=$1" \ @@ -1445,6 +1447,7 @@ trap cleanup INT TERM HUP # - things work with all ciphersuites active (used with config-full in all.sh) # - the expected parameters are selected # ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Default" \ "$P_SRV debug_level=3" \ "$P_CLI" \ @@ -1456,6 +1459,7 @@ run_test "Default" \ -S "error" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Default, DTLS" \ "$P_SRV dtls=1" \ "$P_CLI dtls=1" \ @@ -1463,12 +1467,14 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "TLS client auth: required" \ "$P_SRV auth_mode=required" \ "$P_CLI" \ 0 \ -s "Verifying peer X.509 certificate... ok" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ @@ -1476,6 +1482,7 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ -c "Key size is 256" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -1483,6 +1490,7 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ -c "Key size is 128" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -1491,6 +1499,7 @@ run_test "TLS: password protected client key" \ "$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -1499,6 +1508,7 @@ run_test "TLS: password protected server key" \ "$P_CLI" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C @@ -1510,6 +1520,7 @@ run_test "TLS: password protected server key, two certificates" \ "$P_CLI" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "CA callback on client" \ "$P_SRV debug_level=3" \ @@ -1519,6 +1530,7 @@ run_test "CA callback on client" \ -S "error" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C @@ -1534,6 +1546,7 @@ run_test "CA callback on server" \ -C "error" # Test using an opaque private key for client authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C @@ -1552,6 +1565,7 @@ run_test "Opaque key for client authentication" \ -C "error" # Test using an opaque private key for server authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C @@ -1570,6 +1584,7 @@ run_test "Opaque key for server authentication" \ -C "error" # Test using an opaque private key for client/server authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C @@ -1630,6 +1645,7 @@ requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED run_test_psa_force_curve "secp192k1" # Test current time in ServerHello +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_HAVE_TIME run_test "ServerHello contains gmt_unix_time" \ "$P_SRV debug_level=3" \ @@ -1639,6 +1655,7 @@ run_test "ServerHello contains gmt_unix_time" \ -F "check_server_hello_time" # Test for uniqueness of IVs in AEAD ciphersuites +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Unique IV in GCM" \ "$P_SRV exchanges=20 debug_level=4" \ "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ @@ -1647,6 +1664,7 @@ run_test "Unique IV in GCM" \ -U "IV used" # Tests for certificate verification callback +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=0 debug_level=3" \ @@ -1657,6 +1675,7 @@ run_test "Configuration-specific CRT verification callback" \ -C "Use context-specific verification callback" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Context-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=1 debug_level=3" \ @@ -1668,33 +1687,39 @@ run_test "Context-specific CRT verification callback" \ -C "error" # Tests for SHA-1 support +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 allow_sha1=0" \ 1 \ -c "The certificate is signed with an unacceptable hash" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SHA-1 explicitly allowed in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI allow_sha1=1" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SHA-256 allowed by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \ "$P_CLI allow_sha1=0" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 1 \ -s "The certificate is signed with an unacceptable hash" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SHA-1 explicitly allowed in client certificate" \ "$P_SRV auth_mode=required allow_sha1=1" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SHA-256 allowed by default in client certificate" \ "$P_SRV auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ @@ -1741,6 +1766,7 @@ run_test "TLS 1.3, key exchange mode parameter passing: All" \ 0 # Tests for datagram packing +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, client and server" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ @@ -1748,6 +1774,7 @@ run_test "DTLS: multiple records in same datagram, client and server" \ -c "next record in same datagram" \ -s "next record in same datagram" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, client only" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ @@ -1755,6 +1782,7 @@ run_test "DTLS: multiple records in same datagram, client only" \ -s "next record in same datagram" \ -C "next record in same datagram" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, server only" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ @@ -1762,6 +1790,7 @@ run_test "DTLS: multiple records in same datagram, server only" \ -S "next record in same datagram" \ -c "next record in same datagram" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, neither client nor server" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ @@ -1771,6 +1800,7 @@ run_test "DTLS: multiple records in same datagram, neither client nor server" # Tests for Context serialization +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, client serializes, CCM" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ @@ -1779,6 +1809,7 @@ run_test "Context serialization, client serializes, CCM" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, client serializes, ChaChaPoly" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ @@ -1787,6 +1818,7 @@ run_test "Context serialization, client serializes, ChaChaPoly" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, client serializes, GCM" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ @@ -1795,6 +1827,7 @@ run_test "Context serialization, client serializes, GCM" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Context serialization, client serializes, with CID" \ @@ -1804,6 +1837,7 @@ run_test "Context serialization, client serializes, with CID" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, server serializes, CCM" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1812,6 +1846,7 @@ run_test "Context serialization, server serializes, CCM" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, server serializes, ChaChaPoly" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1820,6 +1855,7 @@ run_test "Context serialization, server serializes, ChaChaPoly" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, server serializes, GCM" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1828,6 +1864,7 @@ run_test "Context serialization, server serializes, GCM" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Context serialization, server serializes, with CID" \ @@ -1837,6 +1874,7 @@ run_test "Context serialization, server serializes, with CID" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, both serialize, CCM" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1845,6 +1883,7 @@ run_test "Context serialization, both serialize, CCM" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, both serialize, ChaChaPoly" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1853,6 +1892,7 @@ run_test "Context serialization, both serialize, ChaChaPoly" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, both serialize, GCM" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1861,6 +1901,7 @@ run_test "Context serialization, both serialize, GCM" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Context serialization, both serialize, with CID" \ @@ -1870,6 +1911,7 @@ run_test "Context serialization, both serialize, with CID" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, client serializes, CCM" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ @@ -1878,6 +1920,7 @@ run_test "Context serialization, re-init, client serializes, CCM" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, client serializes, ChaChaPoly" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ @@ -1886,6 +1929,7 @@ run_test "Context serialization, re-init, client serializes, ChaChaPoly" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, client serializes, GCM" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ @@ -1894,6 +1938,7 @@ run_test "Context serialization, re-init, client serializes, GCM" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Context serialization, re-init, client serializes, with CID" \ @@ -1903,6 +1948,7 @@ run_test "Context serialization, re-init, client serializes, with CID" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, server serializes, CCM" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1911,6 +1957,7 @@ run_test "Context serialization, re-init, server serializes, CCM" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, server serializes, ChaChaPoly" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1919,6 +1966,7 @@ run_test "Context serialization, re-init, server serializes, ChaChaPoly" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, server serializes, GCM" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1927,6 +1975,7 @@ run_test "Context serialization, re-init, server serializes, GCM" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Context serialization, re-init, server serializes, with CID" \ @@ -1936,6 +1985,7 @@ run_test "Context serialization, re-init, server serializes, with CID" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, both serialize, CCM" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1944,6 +1994,7 @@ run_test "Context serialization, re-init, both serialize, CCM" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, both serialize, ChaChaPoly" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1952,6 +2003,7 @@ run_test "Context serialization, re-init, both serialize, ChaChaPoly" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, both serialize, GCM" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1960,6 +2012,7 @@ run_test "Context serialization, re-init, both serialize, GCM" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Context serialization, re-init, both serialize, with CID" \ @@ -1969,6 +2022,7 @@ run_test "Context serialization, re-init, both serialize, with CID" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Saving the serialized context to a file" \ "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \ @@ -1985,6 +2039,7 @@ rm -f context_cli.txt # grep for output witnessing its use. This needs to be # changed once the CID extension is implemented. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli enabled, Srv disabled" \ "$P_SRV debug_level=3 dtls=1 cid=0" \ @@ -2001,6 +2056,7 @@ run_test "Connection ID: Cli enabled, Srv disabled" \ -C "Copy CIDs into SSL transform" \ -c "Use of Connection ID was rejected by the server" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli disabled, Srv enabled" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ @@ -2016,6 +2072,7 @@ run_test "Connection ID: Cli disabled, Srv enabled" \ -C "Copy CIDs into SSL transform" \ -s "Use of Connection ID was not offered by client" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ @@ -2036,6 +2093,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ @@ -2059,6 +2117,7 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \ -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ -p "$P_PXY mtu=800" \ @@ -2080,6 +2139,7 @@ run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ @@ -2103,6 +2163,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ @@ -2123,6 +2184,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ @@ -2143,6 +2205,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ @@ -2161,6 +2224,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \ -S "Use of Connection ID has been negotiated" \ -C "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ @@ -2181,6 +2245,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8 -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ @@ -2201,6 +2266,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ @@ -2221,6 +2287,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ @@ -2239,6 +2306,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \ -S "Use of Connection ID has been negotiated" \ -C "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ @@ -2259,6 +2327,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ @@ -2279,6 +2348,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ @@ -2299,6 +2369,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \ -s "Use of Connection ID has been negotiated" \ -c "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \ "$P_SRV debug_level=3 dtls=1 cid=1" \ @@ -2317,6 +2388,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \ -S "Use of Connection ID has been negotiated" \ -C "Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \ @@ -2332,6 +2404,7 @@ run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" -s "(after renegotiation) Use of Connection ID has been negotiated" \ -c "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \ @@ -2347,6 +2420,7 @@ run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \ -s "(after renegotiation) Use of Connection ID has been negotiated" \ -c "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \ @@ -2362,6 +2436,7 @@ run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with differ -s "(after renegotiation) Use of Connection ID has been negotiated" \ -c "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \ @@ -2380,6 +2455,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \ @@ -2395,6 +2471,7 @@ run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \ -C "(after renegotiation) Use of Connection ID has been negotiated" \ -S "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \ @@ -2410,6 +2487,7 @@ run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID -C "(after renegotiation) Use of Connection ID has been negotiated" \ -S "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \ @@ -2428,6 +2506,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \ -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \ @@ -2441,6 +2520,7 @@ run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \ -c "(after renegotiation) Use of Connection ID has been negotiated" \ -s "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \ @@ -2454,6 +2534,7 @@ run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \ -c "(after renegotiation) Use of Connection ID has been negotiated" \ -s "(after renegotiation) Use of Connection ID has been negotiated" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \ @@ -2470,6 +2551,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \ -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \ @@ -2486,6 +2568,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \ -S "(after renegotiation) Use of Connection ID has been negotiated" \ -s "(after renegotiation) Use of Connection ID was not offered by client" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \ @@ -2505,6 +2588,7 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \ @@ -2521,6 +2605,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \ -S "(after renegotiation) Use of Connection ID has been negotiated" \ -c "(after renegotiation) Use of Connection ID was rejected by the server" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \ @@ -2543,6 +2628,7 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" # This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the # tests check that the buffer contents are reallocated when the message is # larger than the buffer. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH requires_max_content_len 513 @@ -2557,6 +2643,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \ -s "Reallocating in_buf" \ -s "Reallocating out_buf" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH requires_max_content_len 1025 @@ -2573,6 +2660,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" # Tests for Encrypt-then-MAC extension +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC: default" \ "$P_SRV debug_level=3 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -2585,6 +2673,7 @@ run_test "Encrypt then MAC: default" \ -c "using encrypt then mac" \ -s "using encrypt then mac" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC: client enabled, server disabled" \ "$P_SRV debug_level=3 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -2597,6 +2686,7 @@ run_test "Encrypt then MAC: client enabled, server disabled" \ -C "using encrypt then mac" \ -S "using encrypt then mac" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC: client enabled, aead cipher" \ "$P_SRV debug_level=3 etm=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \ @@ -2609,6 +2699,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \ -C "using encrypt then mac" \ -S "using encrypt then mac" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC: client disabled, server enabled" \ "$P_SRV debug_level=3 etm=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -2623,6 +2714,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \ # Tests for Extended Master Secret extension +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Extended Master Secret: default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -2634,6 +2726,7 @@ run_test "Extended Master Secret: default" \ -c "session hash for extended master secret" \ -s "session hash for extended master secret" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Extended Master Secret: client enabled, server disabled" \ "$P_SRV debug_level=3 extended_ms=0" \ "$P_CLI debug_level=3 extended_ms=1" \ @@ -2645,6 +2738,7 @@ run_test "Extended Master Secret: client enabled, server disabled" \ -C "session hash for extended master secret" \ -S "session hash for extended master secret" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Extended Master Secret: client disabled, server enabled" \ "$P_SRV debug_level=3 extended_ms=1" \ "$P_CLI debug_level=3 extended_ms=0" \ @@ -2658,6 +2752,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \ # Test sending and receiving empty application data records +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC: empty application data record" \ "$P_SRV auth_mode=none debug_level=4 etm=1" \ "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ @@ -2666,6 +2761,7 @@ run_test "Encrypt then MAC: empty application data record" \ -s "dumping 'input payload after decrypt' (0 bytes)" \ -c "0 bytes written in 1 fragments" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC: disabled, empty application data record" \ "$P_SRV auth_mode=none debug_level=4 etm=0" \ "$P_CLI auth_mode=none etm=0 request_size=0" \ @@ -2673,6 +2769,7 @@ run_test "Encrypt then MAC: disabled, empty application data record" \ -s "dumping 'input payload after decrypt' (0 bytes)" \ -c "0 bytes written in 1 fragments" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC, DTLS: empty application data record" \ "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \ "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \ @@ -2681,6 +2778,7 @@ run_test "Encrypt then MAC, DTLS: empty application data record" \ -s "dumping 'input payload after decrypt' (0 bytes)" \ -c "0 bytes written in 1 fragments" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \ "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \ @@ -2690,6 +2788,7 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ # Tests for CBC 1/n-1 record splitting +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "CBC Record splitting: TLS 1.2, no splitting" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ @@ -2701,6 +2800,7 @@ run_test "CBC Record splitting: TLS 1.2, no splitting" \ # Tests for Session Tickets +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: basic" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2730,6 +2830,7 @@ run_test "Session resume using tickets: manual rotation" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: cache disabled" \ "$P_SRV debug_level=3 tickets=1 cache_max=0" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2744,6 +2845,7 @@ run_test "Session resume using tickets: cache disabled" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: timeout" \ "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \ "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \ @@ -2758,6 +2860,7 @@ run_test "Session resume using tickets: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: session copy" \ "$P_SRV debug_level=3 tickets=1 cache_max=0" \ "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \ @@ -2772,6 +2875,7 @@ run_test "Session resume using tickets: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: openssl server" \ "$O_SRV" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2781,6 +2885,7 @@ run_test "Session resume using tickets: openssl server" \ -c "parse new session ticket" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: openssl client" \ "$P_SRV debug_level=3 tickets=1" \ "( $O_CLI -sess_out $SESSION; \ @@ -2793,6 +2898,7 @@ run_test "Session resume using tickets: openssl client" \ -s "session successfully restored from ticket" \ -s "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: AES-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2807,6 +2913,7 @@ run_test "Session resume using tickets: AES-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: AES-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2821,6 +2928,7 @@ run_test "Session resume using tickets: AES-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: AES-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2835,6 +2943,7 @@ run_test "Session resume using tickets: AES-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: AES-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2849,6 +2958,7 @@ run_test "Session resume using tickets: AES-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: AES-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2863,6 +2973,7 @@ run_test "Session resume using tickets: AES-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: CAMELLIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2877,6 +2988,7 @@ run_test "Session resume using tickets: CAMELLIA-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: CAMELLIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2891,6 +3003,7 @@ run_test "Session resume using tickets: CAMELLIA-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: CAMELLIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2905,6 +3018,7 @@ run_test "Session resume using tickets: CAMELLIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: ARIA-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2919,6 +3033,7 @@ run_test "Session resume using tickets: ARIA-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: ARIA-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2933,6 +3048,7 @@ run_test "Session resume using tickets: ARIA-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: ARIA-256-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2947,6 +3063,7 @@ run_test "Session resume using tickets: ARIA-256-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: ARIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2961,6 +3078,7 @@ run_test "Session resume using tickets: ARIA-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: ARIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2975,6 +3093,7 @@ run_test "Session resume using tickets: ARIA-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: ARIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -2991,6 +3110,7 @@ run_test "Session resume using tickets: ARIA-256-CCM" \ # Tests for Session Tickets with DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets, DTLS: basic" \ "$P_SRV debug_level=3 dtls=1 tickets=1" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -3005,6 +3125,7 @@ run_test "Session resume using tickets, DTLS: basic" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets, DTLS: cache disabled" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -3019,6 +3140,7 @@ run_test "Session resume using tickets, DTLS: cache disabled" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets, DTLS: timeout" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \ @@ -3033,6 +3155,7 @@ run_test "Session resume using tickets, DTLS: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets, DTLS: session copy" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \ @@ -3047,6 +3170,7 @@ run_test "Session resume using tickets, DTLS: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ @@ -3059,6 +3183,7 @@ run_test "Session resume using tickets, DTLS: openssl server" \ # For reasons that aren't fully understood, this test randomly fails with high # probability with OpenSSL 1.0.2g on the CI, see #5012. requires_openssl_next +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ @@ -3073,6 +3198,7 @@ run_test "Session resume using tickets, DTLS: openssl client" \ # Tests for Session Resume based on session-ID and cache +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: tickets enabled on client" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -3087,6 +3213,7 @@ run_test "Session resume using cache: tickets enabled on client" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: tickets enabled on server" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3101,6 +3228,7 @@ run_test "Session resume using cache: tickets enabled on server" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: cache_max=0" \ "$P_SRV debug_level=3 tickets=0 cache_max=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3110,6 +3238,7 @@ run_test "Session resume using cache: cache_max=0" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: cache_max=1" \ "$P_SRV debug_level=3 tickets=0 cache_max=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3119,6 +3248,7 @@ run_test "Session resume using cache: cache_max=1" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: timeout > delay" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ @@ -3128,6 +3258,7 @@ run_test "Session resume using cache: timeout > delay" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: timeout < delay" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ @@ -3137,6 +3268,7 @@ run_test "Session resume using cache: timeout < delay" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: no timeout" \ "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \ @@ -3146,6 +3278,7 @@ run_test "Session resume using cache: no timeout" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: session copy" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ @@ -3155,6 +3288,7 @@ run_test "Session resume using cache: session copy" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: openssl client" \ "$P_SRV debug_level=3 tickets=0" \ "( $O_CLI -sess_out $SESSION; \ @@ -3167,6 +3301,7 @@ run_test "Session resume using cache: openssl client" \ -S "session successfully restored from ticket" \ -s "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: openssl server" \ "$O_SRV" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -3177,6 +3312,7 @@ run_test "Session resume using cache: openssl server" \ # Tests for Session Resume based on session-ID and cache, DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: tickets enabled on client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -3191,6 +3327,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on client" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: tickets enabled on server" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3205,6 +3342,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on server" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: cache_max=0" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3214,6 +3352,7 @@ run_test "Session resume using cache, DTLS: cache_max=0" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: cache_max=1" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -3223,6 +3362,7 @@ run_test "Session resume using cache, DTLS: cache_max=1" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: timeout > delay" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \ @@ -3232,6 +3372,7 @@ run_test "Session resume using cache, DTLS: timeout > delay" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: timeout < delay" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \ @@ -3241,6 +3382,7 @@ run_test "Session resume using cache, DTLS: timeout < delay" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: no timeout" \ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \ @@ -3250,6 +3392,7 @@ run_test "Session resume using cache, DTLS: no timeout" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: session copy" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \ @@ -3262,6 +3405,7 @@ run_test "Session resume using cache, DTLS: session copy" \ # For reasons that aren't fully understood, this test randomly fails with high # probability with OpenSSL 1.0.2g on the CI, see #5012. requires_openssl_next +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ @@ -3274,6 +3418,7 @@ run_test "Session resume using cache, DTLS: openssl client" \ -S "session successfully restored from ticket" \ -s "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ @@ -3285,6 +3430,7 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -3299,6 +3445,7 @@ run_test "Max fragment length: enabled, default" \ -C "found max_fragment_length extension" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3316,6 +3463,7 @@ run_test "Max fragment length: enabled, default, larger message" \ -s "1 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3335,6 +3483,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ # content length configuration.) requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3348,6 +3497,7 @@ run_test "Max fragment length: disabled, larger message" \ -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length, DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ @@ -3360,6 +3510,7 @@ run_test "Max fragment length, DTLS: disabled, larger message" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3375,6 +3526,7 @@ run_test "Max fragment length: used by client" \ requires_max_content_len 1024 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 512, server 1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \ "$P_CLI debug_level=3 max_frag_len=512" \ @@ -3390,6 +3542,7 @@ run_test "Max fragment length: client 512, server 1024" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 512, server 2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \ "$P_CLI debug_level=3 max_frag_len=512" \ @@ -3405,6 +3558,7 @@ run_test "Max fragment length: client 512, server 2048" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 512, server 4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3 max_frag_len=512" \ @@ -3420,6 +3574,7 @@ run_test "Max fragment length: client 512, server 4096" \ requires_max_content_len 1024 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 1024, server 512" \ "$P_SRV debug_level=3 max_frag_len=512" \ "$P_CLI debug_level=3 max_frag_len=1024" \ @@ -3435,6 +3590,7 @@ run_test "Max fragment length: client 1024, server 512" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 1024, server 2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \ "$P_CLI debug_level=3 max_frag_len=1024" \ @@ -3450,6 +3606,7 @@ run_test "Max fragment length: client 1024, server 2048" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 1024, server 4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3 max_frag_len=1024" \ @@ -3465,6 +3622,7 @@ run_test "Max fragment length: client 1024, server 4096" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 2048, server 512" \ "$P_SRV debug_level=3 max_frag_len=512" \ "$P_CLI debug_level=3 max_frag_len=2048" \ @@ -3480,6 +3638,7 @@ run_test "Max fragment length: client 2048, server 512" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 2048, server 1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \ "$P_CLI debug_level=3 max_frag_len=2048" \ @@ -3495,6 +3654,7 @@ run_test "Max fragment length: client 2048, server 1024" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 2048, server 4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3 max_frag_len=2048" \ @@ -3510,6 +3670,7 @@ run_test "Max fragment length: client 2048, server 4096" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 4096, server 512" \ "$P_SRV debug_level=3 max_frag_len=512" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3525,6 +3686,7 @@ run_test "Max fragment length: client 4096, server 512" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 4096, server 1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3540,6 +3702,7 @@ run_test "Max fragment length: client 4096, server 1024" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client 4096, server 2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3555,6 +3718,7 @@ run_test "Max fragment length: client 4096, server 2048" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ @@ -3571,6 +3735,7 @@ run_test "Max fragment length: used by server" \ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: gnutls server" \ "$G_SRV" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -3582,6 +3747,7 @@ run_test "Max fragment length: gnutls server" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ @@ -3599,6 +3765,7 @@ run_test "Max fragment length: client, message just fits" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ @@ -3617,6 +3784,7 @@ run_test "Max fragment length: client, larger message" \ requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ @@ -3634,6 +3802,7 @@ run_test "Max fragment length: DTLS client, larger message" \ # Tests for renegotiation # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: none, for reference" \ "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2" \ @@ -3648,6 +3817,7 @@ run_test "Renegotiation: none, for reference" \ -S "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: client-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -3662,6 +3832,7 @@ run_test "Renegotiation: client-initiated" \ -S "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: server-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -3679,6 +3850,7 @@ run_test "Renegotiation: server-initiated" \ # the server did not parse the Signature Algorithm extension. This test is valid only if an MD # algorithm stronger than SHA-1 is enabled in mbedtls_config.h requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -3697,6 +3869,7 @@ run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ # the server did not parse the Signature Algorithm extension. This test is valid only if an MD # algorithm stronger than SHA-1 is enabled in mbedtls_config.h requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -3712,6 +3885,7 @@ run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -3728,6 +3902,7 @@ run_test "Renegotiation: double" \ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation with max fragment length: client 2048, server 512" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -3750,6 +3925,7 @@ run_test "Renegotiation with max fragment length: client 2048, server 512" \ -s "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: client-initiated, server-rejected" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -3766,6 +3942,7 @@ run_test "Renegotiation: client-initiated, server-rejected" \ -c "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: server-initiated, client-rejected, default" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ @@ -3782,6 +3959,7 @@ run_test "Renegotiation: server-initiated, client-rejected, default" \ -S "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=-1 auth_mode=optional" \ @@ -3800,6 +3978,7 @@ run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ # delay 2 for 1 alert record + 1 application data record requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=2 auth_mode=optional" \ @@ -3817,6 +3996,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ -S "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=0 auth_mode=optional" \ @@ -3833,6 +4013,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ -s "SSL - An unexpected message was received from our peer" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=0 auth_mode=optional" \ @@ -3850,6 +4031,7 @@ run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ -S "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: periodic, just below period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -3868,6 +4050,7 @@ run_test "Renegotiation: periodic, just below period" \ # one extra exchange to be able to complete renego requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: periodic, just above period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ @@ -3885,6 +4068,7 @@ run_test "Renegotiation: periodic, just above period" \ -S "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: periodic, two times period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \ @@ -3902,6 +4086,7 @@ run_test "Renegotiation: periodic, two times period" \ -S "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: periodic, above period, disabled" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ @@ -3919,6 +4104,7 @@ run_test "Renegotiation: periodic, above period, disabled" \ -S "failed" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: nbio, client-initiated" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -3933,6 +4119,7 @@ run_test "Renegotiation: nbio, client-initiated" \ -S "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: nbio, server-initiated" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ @@ -3947,6 +4134,7 @@ run_test "Renegotiation: nbio, server-initiated" \ -s "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: openssl server, client-initiated" \ "$O_SRV -www" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -3960,6 +4148,7 @@ run_test "Renegotiation: openssl server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server strict, client-initiated" \ "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -3973,6 +4162,7 @@ run_test "Renegotiation: gnutls server strict, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -3986,6 +4176,7 @@ run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -4000,6 +4191,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -4013,6 +4205,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: DTLS, client-initiated" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -4027,6 +4220,7 @@ run_test "Renegotiation: DTLS, client-initiated" \ -S "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: DTLS, server-initiated" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ @@ -4042,6 +4236,7 @@ run_test "Renegotiation: DTLS, server-initiated" \ -s "write hello request" requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: DTLS, renego_period overflow" \ "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ @@ -4057,6 +4252,7 @@ run_test "Renegotiation: DTLS, renego_period overflow" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -4071,6 +4267,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ # Test for the "secure renegotation" extension only (no actual renegotiation) requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ @@ -4080,6 +4277,7 @@ run_test "Renego ext: gnutls server strict, client default" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client default" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ @@ -4089,6 +4287,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client break legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 allow_legacy=-1" \ @@ -4098,6 +4297,7 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client strict, server default" \ "$P_SRV debug_level=3" \ "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \ @@ -4106,6 +4306,7 @@ run_test "Renego ext: gnutls client strict, server default" \ -s "server hello, secure renegotiation extension" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server default" \ "$P_SRV debug_level=3" \ "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ @@ -4114,6 +4315,7 @@ run_test "Renego ext: gnutls client unsafe, server default" \ -S "server hello, secure renegotiation extension" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server break legacy" \ "$P_SRV debug_level=3 allow_legacy=-1" \ "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ @@ -4124,6 +4326,7 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \ # Tests for silently dropping trailing extra bytes in .der certificates requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: no trailing bytes" \ "$P_SRV crt_file=data_files/server5-der0.crt \ key_file=data_files/server5.key" \ @@ -4132,6 +4335,7 @@ run_test "DER format: no trailing bytes" \ -c "Handshake was completed" \ requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with a trailing zero byte" \ "$P_SRV crt_file=data_files/server5-der1a.crt \ key_file=data_files/server5.key" \ @@ -4140,6 +4344,7 @@ run_test "DER format: with a trailing zero byte" \ -c "Handshake was completed" \ requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with a trailing random byte" \ "$P_SRV crt_file=data_files/server5-der1b.crt \ key_file=data_files/server5.key" \ @@ -4148,6 +4353,7 @@ run_test "DER format: with a trailing random byte" \ -c "Handshake was completed" \ requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 2 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der2.crt \ key_file=data_files/server5.key" \ @@ -4156,6 +4362,7 @@ run_test "DER format: with 2 trailing random bytes" \ -c "Handshake was completed" \ requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 4 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der4.crt \ key_file=data_files/server5.key" \ @@ -4164,6 +4371,7 @@ run_test "DER format: with 4 trailing random bytes" \ -c "Handshake was completed" \ requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 8 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der8.crt \ key_file=data_files/server5.key" \ @@ -4172,6 +4380,7 @@ run_test "DER format: with 8 trailing random bytes" \ -c "Handshake was completed" \ requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DER format: with 9 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der9.crt \ key_file=data_files/server5.key" \ @@ -4182,6 +4391,7 @@ run_test "DER format: with 9 trailing random bytes" \ # Tests for auth_mode, there are duplicated tests using ca callback for authentication # When updating these tests, modify the matching authentication tests accordingly +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -4192,6 +4402,7 @@ run_test "Authentication: server badcert, client required" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -4202,6 +4413,7 @@ run_test "Authentication: server badcert, client optional" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server goodcert, client optional, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ @@ -4213,6 +4425,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ @@ -4231,6 +4444,7 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \ # different means to have the server ignoring the client's supported curve list. requires_config_enabled MBEDTLS_ECP_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -4241,6 +4455,7 @@ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsuppo -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage requires_config_enabled MBEDTLS_ECP_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -4250,6 +4465,7 @@ run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsuppo -c "! Certificate verification flags"\ -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -4260,6 +4476,7 @@ run_test "Authentication: server badcert, client none" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -4269,6 +4486,7 @@ run_test "Authentication: client SHA256, server required" \ -c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 5," +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client SHA384, server required" \ "$P_SRV auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -4278,6 +4496,7 @@ run_test "Authentication: client SHA384, server required" \ -c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 5," +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client has no cert, server required (TLS)" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=none \ @@ -4294,6 +4513,7 @@ run_test "Authentication: client has no cert, server required (TLS)" \ -c "! mbedtls_ssl_handshake returned" \ -s "No client certification received from the client, but required by the authentication mode" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client badcert, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -4315,6 +4535,7 @@ run_test "Authentication: client badcert, server required" \ # detect that its write end of the connection is closed and abort # before reading the alert message. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client cert self-signed and trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -4330,6 +4551,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "! The certificate is not correctly signed" \ -S "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -4347,6 +4569,7 @@ run_test "Authentication: client cert not trusted, server required" \ -c "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -4364,6 +4587,7 @@ run_test "Authentication: client badcert, server optional" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -4381,6 +4605,7 @@ run_test "Authentication: client badcert, server none" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -4397,6 +4622,7 @@ run_test "Authentication: client no cert, server optional" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: openssl client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$O_CLI" \ @@ -4407,6 +4633,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -S "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ "$O_SRV -verify 10" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -4417,6 +4644,7 @@ run_test "Authentication: client no cert, openssl server optional" \ -c "skip write certificate verify" \ -C "! mbedtls_ssl_handshake returned" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server required" \ "$O_SRV -Verify 10" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -4439,6 +4667,7 @@ MAX_IM_CA='8' # are in place so that the semantics are consistent with the test description. requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -4448,6 +4677,7 @@ run_test "Authentication: server max_int chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4457,6 +4687,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4467,6 +4698,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4477,6 +4709,7 @@ run_test "Authentication: server max_int+1 chain, client none" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client max_int+1 chain, server default" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -4486,6 +4719,7 @@ run_test "Authentication: client max_int+1 chain, server default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client max_int+1 chain, server optional" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -4495,6 +4729,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client max_int+1 chain, server required" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -4504,6 +4739,7 @@ run_test "Authentication: client max_int+1 chain, server required" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client max_int chain, server required" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ @@ -4513,6 +4749,7 @@ run_test "Authentication: client max_int chain, server required" \ # Tests for CA list in CertificateRequest messages +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: send CA list in CertificateRequest (default)" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI crt_file=data_files/server6.crt \ @@ -4520,6 +4757,7 @@ run_test "Authentication: send CA list in CertificateRequest (default)" \ 0 \ -s "requested DN" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: do not send CA list in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI crt_file=data_files/server6.crt \ @@ -4527,6 +4765,7 @@ run_test "Authentication: do not send CA list in CertificateRequest" \ 0 \ -S "requested DN" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: send CA list in CertificateRequest, client self signed" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -4543,6 +4782,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig # When updating these tests, modify the matching authentication tests accordingly requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -4555,6 +4795,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -4575,6 +4816,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -4587,6 +4829,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -4598,6 +4841,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client SHA256, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -4609,6 +4853,7 @@ run_test "Authentication, CA callback: client SHA256, server required" \ -c "Supported Signature Algorithm found: 5," requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -4620,6 +4865,7 @@ run_test "Authentication, CA callback: client SHA384, server required" \ -c "Supported Signature Algorithm found: 5," requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client badcert, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -4643,6 +4889,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ # before reading the alert message. requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client cert not trusted, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -4662,6 +4909,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -4683,6 +4931,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -4694,6 +4943,7 @@ run_test "Authentication, CA callback: server max_int chain, client default" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4705,6 +4955,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -4717,6 +4968,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -4728,6 +4980,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client max_int+1 chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -4739,6 +4992,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication, CA callback: client max_int chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ @@ -4750,6 +5004,7 @@ run_test "Authentication, CA callback: client max_int chain, server required" # Tests for certificate selection based on SHA verson requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4763,6 +5018,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ # tests for SNI requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: no SNI callback" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4773,6 +5029,7 @@ run_test "SNI: no SNI callback" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: matching cert 1" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4784,6 +5041,7 @@ run_test "SNI: matching cert 1" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: matching cert 2" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4795,6 +5053,7 @@ run_test "SNI: matching cert 2" \ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: no matching cert" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4807,6 +5066,7 @@ run_test "SNI: no matching cert" \ -c "mbedtls_ssl_handshake returned" \ -c "SSL - A fatal alert message was received from our peer" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: client auth no override: optional" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4820,6 +5080,7 @@ run_test "SNI: client auth no override: optional" \ -C "skip write certificate verify" \ -S "skip parse certificate verify" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: client auth override: none -> optional" \ "$P_SRV debug_level=3 auth_mode=none \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4833,6 +5094,7 @@ run_test "SNI: client auth override: none -> optional" \ -C "skip write certificate verify" \ -S "skip parse certificate verify" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: client auth override: optional -> none" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4846,6 +5108,7 @@ run_test "SNI: client auth override: optional -> none" \ -c "skip write certificate verify" \ -s "skip parse certificate verify" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: CA no override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4864,6 +5127,7 @@ run_test "SNI: CA no override" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "The certificate has been revoked (is on a CRL)" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: CA override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4882,6 +5146,7 @@ run_test "SNI: CA override" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "The certificate has been revoked (is on a CRL)" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4903,6 +5168,7 @@ run_test "SNI: CA override with CRL" \ # Tests for SNI and DTLS requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, no SNI callback" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4913,6 +5179,7 @@ run_test "SNI: DTLS, no SNI callback" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, matching cert 1" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4924,6 +5191,7 @@ run_test "SNI: DTLS, matching cert 1" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, matching cert 2" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4934,6 +5202,7 @@ run_test "SNI: DTLS, matching cert 2" \ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, no matching cert" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4946,6 +5215,7 @@ run_test "SNI: DTLS, no matching cert" \ -c "mbedtls_ssl_handshake returned" \ -c "SSL - A fatal alert message was received from our peer" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, client auth no override: optional" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4959,6 +5229,7 @@ run_test "SNI: DTLS, client auth no override: optional" \ -C "skip write certificate verify" \ -S "skip parse certificate verify" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, client auth override: none -> optional" \ "$P_SRV debug_level=3 auth_mode=none dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4972,6 +5243,7 @@ run_test "SNI: DTLS, client auth override: none -> optional" \ -C "skip write certificate verify" \ -S "skip parse certificate verify" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, client auth override: optional -> none" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4985,6 +5257,7 @@ run_test "SNI: DTLS, client auth override: optional -> none" \ -c "skip write certificate verify" \ -s "skip parse certificate verify" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, CA no override" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -5003,6 +5276,7 @@ run_test "SNI: DTLS, CA no override" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "The certificate has been revoked (is on a CRL)" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, CA override" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -5021,6 +5295,7 @@ run_test "SNI: DTLS, CA override" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "The certificate has been revoked (is on a CRL)" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SNI: DTLS, CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \ @@ -5041,6 +5316,7 @@ run_test "SNI: DTLS, CA override with CRL" \ # Tests for non-blocking I/O: exercise a variety of handshake flows +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: basic handshake" \ "$P_SRV nbio=2 tickets=0 auth_mode=none" \ "$P_CLI nbio=2 tickets=0" \ @@ -5049,6 +5325,7 @@ run_test "Non-blocking I/O: basic handshake" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: client auth" \ "$P_SRV nbio=2 tickets=0 auth_mode=required" \ "$P_CLI nbio=2 tickets=0" \ @@ -5057,6 +5334,7 @@ run_test "Non-blocking I/O: client auth" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: ticket" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI nbio=2 tickets=1" \ @@ -5065,6 +5343,7 @@ run_test "Non-blocking I/O: ticket" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: ticket + client auth" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI nbio=2 tickets=1" \ @@ -5073,6 +5352,7 @@ run_test "Non-blocking I/O: ticket + client auth" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: ticket + client auth + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI nbio=2 tickets=1 reconnect=1" \ @@ -5081,6 +5361,7 @@ run_test "Non-blocking I/O: ticket + client auth + resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: ticket + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI nbio=2 tickets=1 reconnect=1" \ @@ -5089,6 +5370,7 @@ run_test "Non-blocking I/O: ticket + resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Non-blocking I/O: session-id resume" \ "$P_SRV nbio=2 tickets=0 auth_mode=none" \ "$P_CLI nbio=2 tickets=0 reconnect=1" \ @@ -5099,6 +5381,7 @@ run_test "Non-blocking I/O: session-id resume" \ # Tests for event-driven I/O: exercise a variety of handshake flows +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: basic handshake" \ "$P_SRV event=1 tickets=0 auth_mode=none" \ "$P_CLI event=1 tickets=0" \ @@ -5107,6 +5390,7 @@ run_test "Event-driven I/O: basic handshake" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: client auth" \ "$P_SRV event=1 tickets=0 auth_mode=required" \ "$P_CLI event=1 tickets=0" \ @@ -5115,6 +5399,7 @@ run_test "Event-driven I/O: client auth" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: ticket" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI event=1 tickets=1" \ @@ -5123,6 +5408,7 @@ run_test "Event-driven I/O: ticket" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: ticket + client auth" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI event=1 tickets=1" \ @@ -5131,6 +5417,7 @@ run_test "Event-driven I/O: ticket + client auth" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: ticket + client auth + resume" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI event=1 tickets=1 reconnect=1" \ @@ -5139,6 +5426,7 @@ run_test "Event-driven I/O: ticket + client auth + resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: ticket + resume" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI event=1 tickets=1 reconnect=1" \ @@ -5147,6 +5435,7 @@ run_test "Event-driven I/O: ticket + resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O: session-id resume" \ "$P_SRV event=1 tickets=0 auth_mode=none" \ "$P_CLI event=1 tickets=0 reconnect=1" \ @@ -5155,42 +5444,49 @@ run_test "Event-driven I/O: session-id resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: basic handshake" \ "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ "$P_CLI dtls=1 event=1 tickets=0" \ 0 \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: client auth" \ "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=0" \ 0 \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: ticket" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ "$P_CLI dtls=1 event=1 tickets=1" \ 0 \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: ticket + client auth" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=1" \ 0 \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 0 \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: ticket + resume" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 0 \ -c "Read from server: .* bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: session-id resume" \ "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -5202,6 +5498,7 @@ run_test "Event-driven I/O, DTLS: session-id resume" \ # within the same datagram as the Finished messages. In this situation, the # server MUST NOT idle on the underlying transport after handshake completion, # because the ApplicationData request has already been queued internally. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ -p "$P_PXY pack=50" \ "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ @@ -5211,6 +5508,7 @@ run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ # Tests for version negotiation +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Version check: all -> 1.2" \ "$P_SRV" \ "$P_CLI" \ @@ -5220,6 +5518,7 @@ run_test "Version check: all -> 1.2" \ -s "Protocol is TLSv1.2" \ -c "Protocol is TLSv1.2" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Not supported version check: cli TLS 1.0" \ "$P_SRV" \ "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \ @@ -5229,6 +5528,7 @@ run_test "Not supported version check: cli TLS 1.0" \ -S "Protocol is TLSv1.0" \ -C "Handshake was completed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Not supported version check: cli TLS 1.1" \ "$P_SRV" \ "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \ @@ -5238,6 +5538,7 @@ run_test "Not supported version check: cli TLS 1.1" \ -S "Protocol is TLSv1.1" \ -C "Handshake was completed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Not supported version check: srv max TLS 1.0" \ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ "$P_CLI" \ @@ -5247,6 +5548,7 @@ run_test "Not supported version check: srv max TLS 1.0" \ -S "Version: TLS1.0" \ -C "Protocol is TLSv1.0" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Not supported version check: srv max TLS 1.1" \ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ "$P_CLI" \ @@ -5258,6 +5560,7 @@ run_test "Not supported version check: srv max TLS 1.1" \ # Tests for ALPN extension +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: none" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -5270,6 +5573,7 @@ run_test "ALPN: none" \ -C "Application Layer Protocol is" \ -S "Application Layer Protocol is" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: client only" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 alpn=abc,1234" \ @@ -5282,6 +5586,7 @@ run_test "ALPN: client only" \ -c "Application Layer Protocol is (none)" \ -S "Application Layer Protocol is" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: server only" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3" \ @@ -5294,6 +5599,7 @@ run_test "ALPN: server only" \ -C "Application Layer Protocol is" \ -s "Application Layer Protocol is (none)" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, common cli1-srv1" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=abc,1234" \ @@ -5306,6 +5612,7 @@ run_test "ALPN: both, common cli1-srv1" \ -c "Application Layer Protocol is abc" \ -s "Application Layer Protocol is abc" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, common cli2-srv1" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=1234,abc" \ @@ -5318,6 +5625,7 @@ run_test "ALPN: both, common cli2-srv1" \ -c "Application Layer Protocol is abc" \ -s "Application Layer Protocol is abc" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, common cli1-srv2" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=1234,abcde" \ @@ -5330,6 +5638,7 @@ run_test "ALPN: both, common cli1-srv2" \ -c "Application Layer Protocol is 1234" \ -s "Application Layer Protocol is 1234" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ALPN: both, no common" \ "$P_SRV debug_level=3 alpn=abc,123" \ "$P_CLI debug_level=3 alpn=1234,abcde" \ @@ -5346,6 +5655,7 @@ run_test "ALPN: both, no common" \ # Tests for keyUsage in leaf certificates, part 1: # server-side certificate/suite selection +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \ "$P_SRV key_file=data_files/server2.key \ crt_file=data_files/server2.ku-ds.crt" \ @@ -5354,6 +5664,7 @@ run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \ -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ "$P_SRV key_file=data_files/server2.key \ crt_file=data_files/server2.ku-ke.crt" \ @@ -5361,6 +5672,7 @@ run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage srv: RSA, keyAgreement -> fail" \ "$P_SRV key_file=data_files/server2.key \ crt_file=data_files/server2.ku-ka.crt" \ @@ -5368,6 +5680,7 @@ run_test "keyUsage srv: RSA, keyAgreement -> fail" \ 1 \ -C "Ciphersuite is " +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ds.crt" \ @@ -5376,6 +5689,7 @@ run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5383,6 +5697,7 @@ run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \ 0 \ -c "Ciphersuite is TLS-ECDH-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ke.crt" \ @@ -5393,6 +5708,7 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ # Tests for keyUsage in leaf certificates, part 2: # client-side checking of server cert +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds_ke.crt" \ @@ -5403,6 +5719,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds_ke.crt" \ @@ -5413,6 +5730,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ @@ -5423,6 +5741,7 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ @@ -5433,6 +5752,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ @@ -5444,6 +5764,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ -c "Ciphersuite is TLS-" \ -c "! Usage does not match the keyUsage extension" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ @@ -5454,6 +5775,7 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature, RSA: fail" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ @@ -5464,6 +5786,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ @@ -5478,6 +5801,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ # Tests for keyUsage in leaf certificates, part 3: # server-side checking of client cert +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server2.key \ @@ -5486,6 +5810,7 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server2.key \ @@ -5494,6 +5819,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ "$P_SRV debug_level=1 auth_mode=required" \ "$O_CLI -key data_files/server2.key \ @@ -5502,6 +5828,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ -s "bad certificate (usage extensions)" \ -s "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -5510,6 +5837,7 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -5520,24 +5848,28 @@ run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage srv: serverAuth -> OK" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.eku-srv.crt" \ "$P_CLI" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.eku-srv.crt" \ "$P_CLI" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.eku-cs_any.crt" \ "$P_CLI" \ 0 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage srv: codeSign -> fail" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.eku-cli.crt" \ @@ -5546,6 +5878,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \ # Tests for extendedKeyUsage, part 2: client-side checking of server cert +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: serverAuth -> OK" \ "$O_SRV -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ @@ -5555,6 +5888,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ "$O_SRV -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ @@ -5564,6 +5898,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ "$O_SRV -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ @@ -5573,6 +5908,7 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: codeSign -> fail" \ "$O_SRV -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ @@ -5584,6 +5920,7 @@ run_test "extKeyUsage cli: codeSign -> fail" \ # Tests for extendedKeyUsage, part 3: server-side checking of client cert +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -5592,6 +5929,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -5600,6 +5938,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -5608,6 +5947,7 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ -S "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -5616,6 +5956,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ "$P_SRV debug_level=1 auth_mode=required" \ "$O_CLI -key data_files/server5.key \ @@ -5626,6 +5967,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ # Tests for DHM parameters loading +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM parameters: reference" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5634,6 +5976,7 @@ run_test "DHM parameters: reference" \ -c "value of 'DHM: P ' (2048 bits)" \ -c "value of 'DHM: G ' (2 bits)" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM parameters: other parameters" \ "$P_SRV dhm_file=data_files/dhparams.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5644,6 +5987,7 @@ run_test "DHM parameters: other parameters" \ # Tests for DHM client-side size checking +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server default, client default, OK" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5651,6 +5995,7 @@ run_test "DHM size: server default, client default, OK" \ 0 \ -C "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server default, client 2048, OK" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5658,6 +6003,7 @@ run_test "DHM size: server default, client 2048, OK" \ 0 \ -C "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 1024, client default, OK" \ "$P_SRV dhm_file=data_files/dhparams.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5665,6 +6011,7 @@ run_test "DHM size: server 1024, client default, OK" \ 0 \ -C "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 999, client 999, OK" \ "$P_SRV dhm_file=data_files/dh.999.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5672,6 +6019,7 @@ run_test "DHM size: server 999, client 999, OK" \ 0 \ -C "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 1000, client 1000, OK" \ "$P_SRV dhm_file=data_files/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5679,6 +6027,7 @@ run_test "DHM size: server 1000, client 1000, OK" \ 0 \ -C "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 1000, client default, rejected" \ "$P_SRV dhm_file=data_files/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5686,6 +6035,7 @@ run_test "DHM size: server 1000, client default, rejected" \ 1 \ -c "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 1000, client 1001, rejected" \ "$P_SRV dhm_file=data_files/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5693,6 +6043,7 @@ run_test "DHM size: server 1000, client 1001, rejected" \ 1 \ -c "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 999, client 1000, rejected" \ "$P_SRV dhm_file=data_files/dh.999.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5700,6 +6051,7 @@ run_test "DHM size: server 999, client 1000, rejected" \ 1 \ -c "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server 998, client 999, rejected" \ "$P_SRV dhm_file=data_files/dh.998.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5707,6 +6059,7 @@ run_test "DHM size: server 998, client 999, rejected" \ 1 \ -c "DHM prime too short:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DHM size: server default, client 2049, rejected" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -5716,6 +6069,7 @@ run_test "DHM size: server default, client 2049, rejected" \ # Tests for PSK callback +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: psk, no callback" \ "$P_SRV psk=abc123 psk_identity=foo" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5726,6 +6080,7 @@ run_test "PSK callback: psk, no callback" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: opaque psk on client, no callback" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5740,6 +6095,7 @@ run_test "PSK callback: opaque psk on client, no callback" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ @@ -5754,6 +6110,7 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: opaque psk on client, no callback, EMS" \ "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5768,6 +6125,7 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ @@ -5782,6 +6140,7 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5796,6 +6155,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ @@ -5810,6 +6170,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ @@ -5825,6 +6186,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ @@ -5840,6 +6202,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5854,6 +6217,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ @@ -5868,6 +6232,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \ "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ @@ -5883,6 +6248,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \ "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ @@ -5898,6 +6264,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5912,6 +6279,7 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5926,6 +6294,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5939,6 +6308,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5952,6 +6322,7 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5959,6 +6330,7 @@ run_test "PSK callback: raw psk on client, matching opaque PSK on server, wro 1 \ -s "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: no psk, no callback" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5968,6 +6340,7 @@ run_test "PSK callback: no psk, no callback" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: callback overrides other settings" \ "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5977,6 +6350,7 @@ run_test "PSK callback: callback overrides other settings" \ -s "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: first id matches" \ "$P_SRV psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5986,6 +6360,7 @@ run_test "PSK callback: first id matches" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: second id matches" \ "$P_SRV psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -5995,6 +6370,7 @@ run_test "PSK callback: second id matches" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: no match" \ "$P_SRV psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -6004,6 +6380,7 @@ run_test "PSK callback: no match" \ -s "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: wrong key" \ "$P_SRV psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ @@ -6016,6 +6393,7 @@ run_test "PSK callback: wrong key" \ # Tests for EC J-PAKE requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: client not configured" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -6030,6 +6408,7 @@ run_test "ECJPAKE: client not configured" \ -S "SSL - The handshake negotiation failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: server not configured" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 ecjpake_pw=bla \ @@ -6045,6 +6424,7 @@ run_test "ECJPAKE: server not configured" \ -s "SSL - The handshake negotiation failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: working, TLS" \ "$P_SRV debug_level=3 ecjpake_pw=bla" \ "$P_CLI debug_level=3 ecjpake_pw=bla \ @@ -6063,6 +6443,7 @@ run_test "ECJPAKE: working, TLS" \ server_needs_more_time 1 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: password mismatch, TLS" \ "$P_SRV debug_level=3 ecjpake_pw=bla" \ "$P_CLI debug_level=3 ecjpake_pw=bad \ @@ -6072,6 +6453,7 @@ run_test "ECJPAKE: password mismatch, TLS" \ -s "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: working, DTLS" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ @@ -6081,6 +6463,7 @@ run_test "ECJPAKE: working, DTLS" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: working, DTLS, no cookie" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ @@ -6091,6 +6474,7 @@ run_test "ECJPAKE: working, DTLS, no cookie" \ server_needs_more_time 1 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: password mismatch, DTLS" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ @@ -6101,6 +6485,7 @@ run_test "ECJPAKE: password mismatch, DTLS" \ # for tests with configs/config-thread.h requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ECJPAKE: working, DTLS, nolog" \ "$P_SRV dtls=1 ecjpake_pw=bla" \ "$P_CLI dtls=1 ecjpake_pw=bla \ @@ -6110,6 +6495,7 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Test for ClientHello without extensions requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "ClientHello without extensions" \ "$P_SRV debug_level=3" \ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ @@ -6118,12 +6504,14 @@ run_test "ClientHello without extensions" \ # Tests for mbedtls_ssl_get_bytes_avail() +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "mbedtls_ssl_get_bytes_avail: no extra data" \ "$P_SRV" \ "$P_CLI request_size=100" \ 0 \ -s "Read from client: 100 bytes read$" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "mbedtls_ssl_get_bytes_avail: extra data" \ "$P_SRV" \ "$P_CLI request_size=500" \ @@ -6132,6 +6520,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \ # Tests for small client packets +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6139,6 +6528,7 @@ run_test "Small client packet TLS 1.2 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6146,6 +6536,7 @@ run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6153,6 +6544,7 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6160,6 +6552,7 @@ run_test "Small client packet TLS 1.2 AEAD" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls12 \ @@ -6170,6 +6563,7 @@ run_test "Small client packet TLS 1.2 AEAD shorter tag" \ # Tests for small client packets in DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls12" \ "$P_CLI dtls=1 request_size=1 \ @@ -6178,6 +6572,7 @@ run_test "Small client packet DTLS 1.2" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 request_size=1 \ @@ -6187,6 +6582,7 @@ run_test "Small client packet DTLS 1.2, without EtM" \ # Tests for small server packets +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6194,6 +6590,7 @@ run_test "Small server packet TLS 1.2 BlockCipher" \ 0 \ -c "Read from server: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6201,6 +6598,7 @@ run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ 0 \ -c "Read from server: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6208,6 +6606,7 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -c "Read from server: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 AEAD" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6215,6 +6614,7 @@ run_test "Small server packet TLS 1.2 AEAD" \ 0 \ -c "Read from server: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls12 \ @@ -6225,6 +6625,7 @@ run_test "Small server packet TLS 1.2 AEAD shorter tag" \ # Tests for small server packets in DTLS requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet DTLS 1.2" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12" \ "$P_CLI dtls=1 \ @@ -6233,6 +6634,7 @@ run_test "Small server packet DTLS 1.2" \ -c "Read from server: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Small server packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 \ @@ -6247,6 +6649,7 @@ fragments_for_write() { echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))" } +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6255,6 +6658,7 @@ run_test "Large client packet TLS 1.2 BlockCipher" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 etm=0 \ @@ -6262,6 +6666,7 @@ run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6270,6 +6675,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6278,6 +6684,7 @@ run_test "Large client packet TLS 1.2 AEAD" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls12 \ @@ -6287,6 +6694,7 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -6294,6 +6702,7 @@ run_test "Large server packet TLS 1.2 BlockCipher" \ 0 \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 etm=0 \ @@ -6302,6 +6711,7 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -6309,6 +6719,7 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV response_size=16384 trunc_hmac=1" \ "$P_CLI force_version=tls12 \ @@ -6317,6 +6728,7 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 AEAD" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -6324,6 +6736,7 @@ run_test "Large server packet TLS 1.2 AEAD" \ 0 \ -c "Read from server: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Large server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=16384" \ "$P_CLI force_version=tls12 \ @@ -6337,6 +6750,7 @@ run_test "Large server packet TLS 1.2 AEAD shorter tag" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, default" \ "$P_SRV curves=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -6350,6 +6764,7 @@ run_test "EC restart: TLS, default" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=0" \ "$P_SRV curves=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -6363,6 +6778,7 @@ run_test "EC restart: TLS, max_ops=0" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=65535" \ "$P_SRV curves=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -6376,6 +6792,7 @@ run_test "EC restart: TLS, max_ops=65535" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV curves=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -6389,6 +6806,7 @@ run_test "EC restart: TLS, max_ops=1000" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=1000, badsign" \ "$P_SRV curves=secp256r1 auth_mode=required \ crt_file=data_files/server5-badsign.crt \ @@ -6407,6 +6825,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV curves=secp256r1 auth_mode=required \ crt_file=data_files/server5-badsign.crt \ @@ -6425,6 +6844,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV curves=secp256r1 auth_mode=required \ crt_file=data_files/server5-badsign.crt \ @@ -6443,6 +6863,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV curves=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -6456,6 +6877,7 @@ run_test "EC restart: DTLS, max_ops=1000" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV curves=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -6468,6 +6890,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ "$P_SRV curves=secp256r1 psk=abc123" \ "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ @@ -6481,6 +6904,7 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ # Tests of asynchronous private key support in SSL requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, delay=0" \ "$P_SRV \ async_operations=s async_private_delay1=0 async_private_delay2=0" \ @@ -6490,6 +6914,7 @@ run_test "SSL async private: sign, delay=0" \ -s "Async resume (slot [0-9]): sign done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, delay=1" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1" \ @@ -6500,6 +6925,7 @@ run_test "SSL async private: sign, delay=1" \ -s "Async resume (slot [0-9]): sign done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, delay=2" \ "$P_SRV \ async_operations=s async_private_delay1=2 async_private_delay2=2" \ @@ -6513,6 +6939,7 @@ run_test "SSL async private: sign, delay=2" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, SNI" \ "$P_SRV debug_level=3 \ async_operations=s async_private_delay1=0 async_private_delay2=0 \ @@ -6527,6 +6954,7 @@ run_test "SSL async private: sign, SNI" \ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt, delay=0" \ "$P_SRV \ async_operations=d async_private_delay1=0 async_private_delay2=0" \ @@ -6536,6 +6964,7 @@ run_test "SSL async private: decrypt, delay=0" \ -s "Async resume (slot [0-9]): decrypt done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt, delay=1" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ @@ -6546,6 +6975,7 @@ run_test "SSL async private: decrypt, delay=1" \ -s "Async resume (slot [0-9]): decrypt done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt RSA-PSK, delay=0" \ "$P_SRV psk=abc123 \ async_operations=d async_private_delay1=0 async_private_delay2=0" \ @@ -6556,6 +6986,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \ -s "Async resume (slot [0-9]): decrypt done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt RSA-PSK, delay=1" \ "$P_SRV psk=abc123 \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ @@ -6567,6 +6998,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=1" \ -s "Async resume (slot [0-9]): decrypt done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign callback not present" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ @@ -6580,6 +7012,7 @@ run_test "SSL async private: sign callback not present" \ -s "Successful connection" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt callback not present" \ "$P_SRV debug_level=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1" \ @@ -6594,6 +7027,7 @@ run_test "SSL async private: decrypt callback not present" \ # key1: ECDSA, key2: RSA; use key1 from slot 0 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: slot 0 used with key1" \ "$P_SRV \ async_operations=s async_private_delay1=1 \ @@ -6607,6 +7041,7 @@ run_test "SSL async private: slot 0 used with key1" \ # key1: ECDSA, key2: RSA; use key2 from slot 0 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: slot 0 used with key2" \ "$P_SRV \ async_operations=s async_private_delay2=1 \ @@ -6620,6 +7055,7 @@ run_test "SSL async private: slot 0 used with key2" \ # key1: ECDSA, key2: RSA; use key2 from slot 1 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: slot 1 used with key2" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6633,6 +7069,7 @@ run_test "SSL async private: slot 1 used with key2" \ # key1: ECDSA, key2: RSA; use key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 \ @@ -6643,6 +7080,7 @@ run_test "SSL async private: fall back to transparent key" \ -s "Async sign callback: no key matches this certificate." requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, error in start" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6655,6 +7093,7 @@ run_test "SSL async private: sign, error in start" \ -s "! mbedtls_ssl_handshake returned" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, cancel after start" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6666,6 +7105,7 @@ run_test "SSL async private: sign, cancel after start" \ -s "Async cancel" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, error in resume" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6678,6 +7118,7 @@ run_test "SSL async private: sign, error in resume" \ -s "! mbedtls_ssl_handshake returned" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt, error in start" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ @@ -6690,6 +7131,7 @@ run_test "SSL async private: decrypt, error in start" \ -s "! mbedtls_ssl_handshake returned" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt, cancel after start" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ @@ -6701,6 +7143,7 @@ run_test "SSL async private: decrypt, cancel after start" \ -s "Async cancel" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: decrypt, error in resume" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ @@ -6713,6 +7156,7 @@ run_test "SSL async private: decrypt, error in resume" \ -s "! mbedtls_ssl_handshake returned" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: cancel after start then operate correctly" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6725,6 +7169,7 @@ run_test "SSL async private: cancel after start then operate correctly" \ -s "Successful connection" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: error in resume then operate correctly" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6737,6 +7182,7 @@ run_test "SSL async private: error in resume then operate correctly" \ # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: cancel after start then fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_error=-2 \ @@ -6755,6 +7201,7 @@ run_test "SSL async private: cancel after start then fall back to transparent # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: sign, error in resume then fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_error=-3 \ @@ -6771,6 +7218,7 @@ run_test "SSL async private: sign, error in resume then fall back to transpar requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: renegotiation: client-initiated, sign" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6782,6 +7230,7 @@ run_test "SSL async private: renegotiation: client-initiated, sign" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: renegotiation: server-initiated, sign" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_delay2=1 \ @@ -6793,6 +7242,7 @@ run_test "SSL async private: renegotiation: server-initiated, sign" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: renegotiation: client-initiated, decrypt" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ @@ -6805,6 +7255,7 @@ run_test "SSL async private: renegotiation: client-initiated, decrypt" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "SSL async private: renegotiation: server-initiated, decrypt" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ @@ -6821,6 +7272,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_SHA256_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Force a non ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ @@ -6834,6 +7286,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_SHA256_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Force a non ECC ciphersuite in the server side" \ "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ "$P_CLI debug_level=3" \ @@ -6845,6 +7298,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_SHA256_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Force an ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ @@ -6858,6 +7312,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_SHA256_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Force an ECC ciphersuite in the server side" \ "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ "$P_CLI debug_level=3" \ @@ -6867,6 +7322,7 @@ run_test "Force an ECC ciphersuite in the server side" \ # Tests for DTLS HelloVerifyRequest +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS cookie: enabled" \ "$P_SRV dtls=1 debug_level=2" \ "$P_CLI dtls=1 debug_level=2" \ @@ -6878,6 +7334,7 @@ run_test "DTLS cookie: enabled" \ -s "hello verification requested" \ -S "SSL - The requested feature is not available" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS cookie: disabled" \ "$P_SRV dtls=1 debug_level=2 cookies=0" \ "$P_CLI dtls=1 debug_level=2" \ @@ -6889,6 +7346,7 @@ run_test "DTLS cookie: disabled" \ -S "hello verification requested" \ -S "SSL - The requested feature is not available" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS cookie: default (failing)" \ "$P_SRV dtls=1 debug_level=2 cookies=-1" \ "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \ @@ -6901,6 +7359,7 @@ run_test "DTLS cookie: default (failing)" \ -s "SSL - The requested feature is not available" requires_ipv6 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS cookie: enabled, IPv6" \ "$P_SRV dtls=1 debug_level=2 server_addr=::1" \ "$P_CLI dtls=1 debug_level=2 server_addr=::1" \ @@ -6912,6 +7371,7 @@ run_test "DTLS cookie: enabled, IPv6" \ -s "hello verification requested" \ -S "SSL - The requested feature is not available" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS cookie: enabled, nbio" \ "$P_SRV dtls=1 nbio=2 debug_level=2" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -6926,6 +7386,7 @@ run_test "DTLS cookie: enabled, nbio" \ # Tests for client reconnecting from the same port with DTLS not_with_valgrind # spurious resend +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client reconnect from same port: reference" \ "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \ @@ -6935,6 +7396,7 @@ run_test "DTLS client reconnect from same port: reference" \ -S "Client initiated reconnection from same port" not_with_valgrind # spurious resend +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client reconnect from same port: reconnect" \ "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \ @@ -6944,6 +7406,7 @@ run_test "DTLS client reconnect from same port: reconnect" \ -s "Client initiated reconnection from same port" not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ @@ -6952,6 +7415,7 @@ run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" -s "Client initiated reconnection from same port" only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ @@ -6959,6 +7423,7 @@ run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client reconnect from same port: no cookies" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ @@ -6966,6 +7431,7 @@ run_test "DTLS client reconnect from same port: no cookies" \ -s "The operation timed out" \ -S "Client initiated reconnection from same port" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client reconnect from same port: attacker-injected" \ -p "$P_PXY inject_clihlo=1" \ "$P_SRV dtls=1 exchanges=2 debug_level=1" \ @@ -6977,18 +7443,21 @@ run_test "DTLS client reconnect from same port: attacker-injected" \ # Tests for various cases of client authentication with DTLS # (focused on handshake flows and message parsing) +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client auth: required" \ "$P_SRV dtls=1 auth_mode=required" \ "$P_CLI dtls=1" \ 0 \ -s "Verifying peer X.509 certificate... ok" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client auth: optional, client has no cert" \ "$P_SRV dtls=1 auth_mode=optional" \ "$P_CLI dtls=1 crt_file=none key_file=none" \ 0 \ -s "! Certificate was missing" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS client auth: none, client has no cert" \ "$P_SRV dtls=1 auth_mode=none" \ "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \ @@ -6996,6 +7465,7 @@ run_test "DTLS client auth: none, client has no cert" \ -c "skip write certificate$" \ -s "! Certificate verification was skipped" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS wrong PSK: badmac alert" \ "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ "$P_CLI dtls=1 psk=abc124" \ @@ -7006,6 +7476,7 @@ run_test "DTLS wrong PSK: badmac alert" \ # Tests for receiving fragmented handshake messages with DTLS requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: no fragmentation (gnutls server)" \ "$G_SRV -u --mtu 2048 -a" \ "$P_CLI dtls=1 debug_level=2" \ @@ -7014,6 +7485,7 @@ run_test "DTLS reassembly: no fragmentation (gnutls server)" \ -C "error" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: some fragmentation (gnutls server)" \ "$G_SRV -u --mtu 512" \ "$P_CLI dtls=1 debug_level=2" \ @@ -7022,6 +7494,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \ -C "error" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation (gnutls server)" \ "$G_SRV -u --mtu 128" \ "$P_CLI dtls=1 debug_level=2" \ @@ -7030,6 +7503,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ -C "error" requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ "$G_SRV -u --mtu 128" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -7039,6 +7513,7 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ @@ -7053,6 +7528,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ @@ -7065,6 +7541,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ -C "error" \ -s "Extra-header:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: no fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 2048" \ "$P_CLI dtls=1 debug_level=2" \ @@ -7072,6 +7549,7 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "found fragmented DTLS handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: some fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 768" \ "$P_CLI dtls=1 debug_level=2" \ @@ -7079,6 +7557,7 @@ run_test "DTLS reassembly: some fragmentation (openssl server)" \ -c "found fragmented DTLS handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ @@ -7086,6 +7565,7 @@ run_test "DTLS reassembly: more fragmentation (openssl server)" \ -c "found fragmented DTLS handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -7110,6 +7590,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7131,6 +7612,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7156,6 +7638,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7177,6 +7660,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ crt_file=data_files/server7_int-ca.crt \ @@ -7205,6 +7689,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ @@ -7227,6 +7712,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7255,6 +7741,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ -p "$P_PXY mtu=1110" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7276,6 +7763,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_max_content_len 4096 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference) (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7296,6 +7784,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_max_content_len 4096 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7316,6 +7805,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ @@ -7336,6 +7826,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7362,6 +7853,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7394,6 +7886,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7419,6 +7912,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ -p "$P_PXY mtu=508" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7443,6 +7937,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7473,6 +7968,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7497,6 +7993,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7524,6 +8021,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7561,6 +8059,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7591,6 +8090,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_CHACHAPOLY_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7624,6 +8124,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7657,6 +8158,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CCM_C requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7691,6 +8193,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7724,6 +8227,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7754,6 +8258,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU + 3d" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ @@ -7779,6 +8284,7 @@ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -7805,6 +8311,7 @@ requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ @@ -7829,6 +8336,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls requires_not_i686 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ @@ -7843,6 +8351,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ @@ -7858,6 +8367,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ @@ -7878,6 +8388,7 @@ requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ @@ -7896,6 +8407,7 @@ requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ @@ -7918,6 +8430,7 @@ requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_SRV -dtls1_2 -verify 10" \ @@ -7936,6 +8449,7 @@ requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 client_needs_more_time 4 requires_max_content_len 2048 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ @@ -7948,6 +8462,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ # Tests for DTLS-SRTP (RFC 5764) requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported" \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -7967,6 +8482,7 @@ run_test "DTLS-SRTP all profiles supported" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \ @@ -7985,6 +8501,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile." -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8003,6 +8520,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles." -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one matching profile." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -8021,6 +8539,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one different profile." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ @@ -8038,6 +8557,7 @@ run_test "DTLS-SRTP server and Client support only one different profile." \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server doesn't support use_srtp extension." \ "$P_SRV dtls=1 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8053,6 +8573,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension." \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. mki used" \ "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ @@ -8075,6 +8596,7 @@ run_test "DTLS-SRTP all profiles supported. mki used" \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ @@ -8098,6 +8620,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. openssl client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8111,6 +8634,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8124,6 +8648,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8137,6 +8662,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8150,6 +8676,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8163,6 +8690,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8175,6 +8703,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens -C "SRTP Extension negotiated, profile" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \ "$P_SRV dtls=1 debug_level=3" \ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ @@ -8185,6 +8714,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" -C "SRTP Extension negotiated, profile" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. openssl server" \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8197,6 +8727,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8209,6 +8740,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -8221,6 +8753,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8233,6 +8766,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -8245,6 +8779,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ @@ -8257,6 +8792,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8269,6 +8805,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ @@ -8285,6 +8822,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. gnutls client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ @@ -8298,6 +8836,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls client." \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ @@ -8311,6 +8850,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ @@ -8324,6 +8864,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ @@ -8337,6 +8878,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ @@ -8350,6 +8892,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ @@ -8363,6 +8906,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ "$P_SRV dtls=1 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ @@ -8374,6 +8918,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. gnutls server" \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8387,6 +8932,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8400,6 +8946,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -8413,6 +8960,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8426,6 +8974,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -8439,6 +8988,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ @@ -8452,6 +9002,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ "$G_SRV -u" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -8465,6 +9016,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ @@ -8482,6 +9034,7 @@ run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: reference" \ -p "$P_PXY" \ "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \ @@ -8500,6 +9053,7 @@ run_test "DTLS proxy: reference" \ -c "HTTP/1.0 200 OK" not_with_valgrind # spurious resend due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ @@ -8513,6 +9067,7 @@ run_test "DTLS proxy: duplicate every packet" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -p "$P_PXY duplicate=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \ @@ -8527,6 +9082,7 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: multiple records in same datagram" \ -p "$P_PXY pack=50" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ @@ -8535,6 +9091,7 @@ run_test "DTLS proxy: multiple records in same datagram" \ -c "next record in same datagram" \ -s "next record in same datagram" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ -p "$P_PXY pack=50 duplicate=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ @@ -8543,6 +9100,7 @@ run_test "DTLS proxy: multiple records in same datagram, duplicate every pack -c "next record in same datagram" \ -s "next record in same datagram" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ -p "$P_PXY bad_ad=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \ @@ -8555,6 +9113,7 @@ run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ -S "too many records with bad MAC" \ -S "Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ -p "$P_PXY bad_ad=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \ @@ -8567,6 +9126,7 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ -s "too many records with bad MAC" \ -s "Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ -p "$P_PXY bad_ad=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ @@ -8579,6 +9139,7 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ -S "too many records with bad MAC" \ -S "Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ -p "$P_PXY bad_ad=1" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ @@ -8591,6 +9152,7 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ -s "too many records with bad MAC" \ -s "Verification of the message MAC failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: delay ChangeCipherSpec" \ -p "$P_PXY delay_ccs=1" \ "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \ @@ -8603,6 +9165,7 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ # Tests for reordering support with DTLS +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -p "$P_PXY delay_srv=ServerHello" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8619,6 +9182,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ -p "$P_PXY delay_srv=ServerHello" \ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8642,6 +9206,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on # in size, so that the bound below ensures that the certificate can be reassembled # while keeping the ServerKeyExchange. requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8664,6 +9229,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex # when dropping it first. requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8681,6 +9247,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -p "$P_PXY delay_cli=Certificate" \ "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \ @@ -8697,6 +9264,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -p "$P_PXY delay_srv=NewSessionTicket" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8713,6 +9281,7 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -S "Injecting buffered CCS message" \ -S "Remember CCS message" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -p "$P_PXY delay_cli=ClientKeyExchange" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8729,6 +9298,7 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -s "Injecting buffered CCS message" \ -s "Remember CCS message" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer encrypted Finished message" \ -p "$P_PXY delay_ccs=1" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -8758,6 +9328,7 @@ run_test "DTLS reordering: Buffer encrypted Finished message" \ # handshake, omitting CRTs. requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ @@ -8772,6 +9343,7 @@ run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragme # Tests for "randomly unreliable connection": try a variety of flows and peers client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8783,6 +9355,7 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ @@ -8793,6 +9366,7 @@ run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ @@ -8802,6 +9376,7 @@ run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, FS, client auth" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \ @@ -8811,6 +9386,7 @@ run_test "DTLS proxy: 3d, FS, client auth" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ @@ -8820,6 +9396,7 @@ run_test "DTLS proxy: 3d, FS, ticket" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ @@ -8829,6 +9406,7 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ @@ -8839,6 +9417,7 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8853,6 +9432,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8868,6 +9448,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8883,6 +9464,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8898,6 +9480,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8914,6 +9497,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ @@ -8936,6 +9520,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ skip_next_test client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 2048" \ @@ -8946,6 +9531,7 @@ run_test "DTLS proxy: 3d, openssl server" \ skip_next_test # see above client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ @@ -8956,6 +9542,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation" \ skip_next_test # see above client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ @@ -8966,6 +9553,7 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ requires_gnutls client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 2048 -a" \ @@ -8977,6 +9565,7 @@ run_test "DTLS proxy: 3d, gnutls server" \ requires_gnutls_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ @@ -8988,6 +9577,7 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ requires_gnutls_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ @@ -8996,6 +9586,7 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -s "Extra-header:" \ -c "Extra-header:" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "export keys functionality" \ "$P_SRV eap_tls=1 debug_level=3" \ "$P_CLI eap_tls=1 debug_level=3" \ @@ -9336,6 +9927,7 @@ run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" # Test heap memory usage after handshake +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH From c5aef88be6b8e2ea6bf0487da48163711d9e1efa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Dec 2021 20:15:02 +0800 Subject: [PATCH 06/48] tls13_only: guard ssl_{cli,srv}.c with TLS1_2 Signed-off-by: Jerry Yu --- library/ssl_cli.c | 94 +++---------------------------- library/ssl_misc.h | 8 +-- library/ssl_srv.c | 20 +++---- library/ssl_tls.c | 136 +++++++++++++++++++++++++++------------------ 4 files changed, 101 insertions(+), 157 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e5cd8ddbdb..4b151f5f3b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -21,6 +21,8 @@ #if defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -90,76 +92,6 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ - unsigned char *p = buf; - size_t hostname_len; - - *olen = 0; - - if( ssl->hostname == NULL ) - return( 0 ); - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding server name extension: %s", - ssl->hostname ) ); - - hostname_len = strlen( ssl->hostname ); - - MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); - - /* - * Sect. 3, RFC 6066 (TLS Extensions Definitions) - * - * In order to provide any of the server names, clients MAY include an - * extension of type "server_name" in the (extended) client hello. The - * "extension_data" field of this extension SHALL contain - * "ServerNameList" where: - * - * struct { - * NameType name_type; - * select (name_type) { - * case host_name: HostName; - * } name; - * } ServerName; - * - * enum { - * host_name(0), (255) - * } NameType; - * - * opaque HostName<1..2^16-1>; - * - * struct { - * ServerName server_name_list<1..2^16-1> - * } ServerNameList; - * - */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 ); - p += 2; - - MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 ); - p += 2; - - MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 ); - p += 2; - - *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); - - MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 ); - p += 2; - - memcpy( p, ssl->hostname, hostname_len ); - - *olen = hostname_len + 9; - - return( 0 ); -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - #if defined(MBEDTLS_SSL_RENEGOTIATION) static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -1028,8 +960,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ( ret = mbedtls_ssl_write_sig_alg_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) { @@ -1037,7 +968,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) return( ret ); } ext_len += olen; -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -2573,13 +2504,11 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, return( ret ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset ); *olen += 2; } -#endif #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it. */ @@ -2590,7 +2519,6 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) @@ -2655,7 +2583,6 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) @@ -2931,10 +2858,8 @@ start_processing: #endif mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void *rs_ctx = NULL; mbedtls_pk_context * peer_pk; @@ -2942,7 +2867,6 @@ start_processing: /* * Handle the digitally-signed structure */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { if( ssl_parse_signature_algorithm( ssl, &p, end, @@ -2970,7 +2894,6 @@ start_processing: } } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -3007,7 +2930,6 @@ start_processing: /* * Compute the hash that has been signed */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, @@ -3017,7 +2939,6 @@ start_processing: return( ret ); } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -3213,7 +3134,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) } /* supported_signature_algorithms */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { size_t sig_alg_len = @@ -3259,7 +3179,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) n += 2 + sig_alg_len; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* certificate_authorities */ dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) @@ -3818,7 +3737,6 @@ sign: ssl->handshake->calc_verify( ssl, hash, &hashlen ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { /* @@ -3854,7 +3772,6 @@ sign: offset = 2; } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -4138,4 +4055,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) return( ret ); } + +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9104a591bf..e7fc8eaeca 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -89,14 +89,12 @@ /* Determine maximum supported version */ #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4 -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* Shorthand for restartable ECC */ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ defined(MBEDTLS_SSL_CLI_C) && \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f4bf5bff60..c8f0e7f9f7 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -21,6 +21,8 @@ #if defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -2956,11 +2958,9 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->handshake->ciphersuite_info; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) unsigned char *dig_signed = NULL; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED && - MBEDTLS_SSL_PROTO_TLS1_2 */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ (void) ciphersuite_info; /* unused in some configurations */ @@ -3066,8 +3066,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) dig_signed = ssl->out_msg + ssl->out_msglen; #endif @@ -3133,8 +3132,7 @@ curve_matching_done: return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) dig_signed = ssl->out_msg + ssl->out_msglen; #endif @@ -3154,9 +3152,7 @@ curve_matching_done: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ size_t hashlen = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char hash[PSA_HASH_MAX_SIZE]; @@ -3171,7 +3167,7 @@ curve_matching_done: * to choose appropriate hash. */ - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; + mbedtls_md_type_t md_alg; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_pk_type_t sig_alg = @@ -4412,4 +4408,6 @@ void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ) conf->respect_cli_pref = order; } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2d24cadfcb..bff2a95230 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -333,7 +333,6 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, @@ -574,11 +573,9 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen, label, random, rlen, dstbuf, dlen ) ); } #endif /* MBEDTLS_SHA384_C */ -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); @@ -590,7 +587,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned ch static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) @@ -616,6 +612,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) { + ((void) tls_prf); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( tls_prf == tls_prf_sha384 ) @@ -632,7 +629,6 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - ((void) tls_prf); return( MBEDTLS_SSL_TLS_PRF_NONE ); } @@ -1122,14 +1118,12 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, int minor_ver, mbedtls_md_type_t hash ) { -#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \ - !( defined(MBEDTLS_SHA384_C) || defined(MBEDTLS_SHA256_C) ) +#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C) (void) hash; - (void) handshake; (void) minor_ver; + (void) handshake; #endif -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && hash == MBEDTLS_MD_SHA384 ) @@ -1149,7 +1143,6 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, } else #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -1366,7 +1359,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( 0 ); } -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char *hash, @@ -1464,7 +1457,7 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, return; } #endif /* MBEDTLS_SHA384_C */ -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) @@ -2441,7 +2434,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, { ((void) ciphersuite_info); -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) ssl->handshake->update_checksum = ssl_update_checksum_sha384; @@ -2452,7 +2444,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum = ssl_update_checksum_sha256; else #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return; @@ -2462,7 +2453,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) { ((void) ssl); -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort( &ssl->handshake->fin_sha256_psa ); @@ -2479,16 +2469,11 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); #endif #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - ((void) ssl); - ((void) buf); - ((void) len); -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); @@ -2503,10 +2488,8 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); #endif #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -2530,9 +2513,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #endif } #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) @@ -2684,7 +2665,6 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } #endif /* MBEDTLS_SHA384_C */ -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) { @@ -2974,7 +2954,6 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) { memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); -// #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); @@ -2993,7 +2972,6 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); #endif #endif -// #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ handshake->update_checksum = ssl_update_checksum_start; @@ -5204,7 +5182,6 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, { return( ssl_session_save( session, 0, buf, buf_len, olen ) ); } - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Deserialize session, see mbedtls_ssl_session_save() for format. @@ -5410,8 +5387,7 @@ static int ssl_session_load_tls12( mbedtls_ssl_session *session, return( 0 ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - +#endif /*MBEDTLS_SSL_PROTO_TLS1_2 */ static int ssl_session_load( mbedtls_ssl_session *session, unsigned char omit_header, const unsigned char *buf, @@ -5781,7 +5757,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort( &handshake->fin_sha256_psa ); @@ -5796,7 +5771,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_sha512_free( &handshake->fin_sha512 ); #endif #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_DHM_C) mbedtls_dhm_free( &handshake->dhm_ctx ); @@ -6222,9 +6196,6 @@ typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* TODO: This function has some problem when - !MBEDTLS_SHA384_C && !MBEDTLS_SHA256_C && MBEDTLS_SHA512_C -*/ #if defined(MBEDTLS_SHA384_C) const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); @@ -6236,9 +6207,9 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) #endif return( tls_prf_sha256 ); #else - ((void) ciphersuite_id); - return NULL; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + (void) ciphersuite_id; + return( NULL ); +#endif } @@ -7582,11 +7553,8 @@ static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); mbedtls_sha256_init( &sha256 ); - // MBEDTLS_SSL_DEBUG_BUF(2,"ssl_get_handshake_transcript_sha256:sha256", &sha256, sizeof(sha256)); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - // MBEDTLS_SSL_DEBUG_MSG(2,("ssl_get_handshake_transcript_sha256")); - // MBEDTLS_SSL_DEBUG_BUF(2,"ssl_get_handshake_transcript_sha256:sha256", &sha256, sizeof(sha256)); - // MBEDTLS_SSL_DEBUG_BUF(2,"ssl_get_handshake_transcript_sha256:ssl->handshake->fin_sha256", &ssl->handshake->fin_sha256, sizeof(ssl->handshake->fin_sha256)); + if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret ); @@ -7608,32 +7576,23 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ) { - int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; switch( md ) { #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: - ret = ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ; - break; + return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); #endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: - ret = ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ; - break; + return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); #endif /* MBEDTLS_SHA256_C */ default: break; } - ((void) ssl); - ((void) md); - ((void) dst); - ((void) dst_len); - ((void) olen); - - return( ret ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #endif /* !MBEDTLS_USE_PSA_CRYPTO */ @@ -7866,5 +7825,74 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + size_t hostname_len; + + *olen = 0; + + if( ssl->hostname == NULL ) + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding server name extension: %s", + ssl->hostname ) ); + + hostname_len = strlen( ssl->hostname ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); + + /* + * Sect. 3, RFC 6066 (TLS Extensions Definitions) + * + * In order to provide any of the server names, clients MAY include an + * extension of type "server_name" in the (extended) client hello. The + * "extension_data" field of this extension SHALL contain + * "ServerNameList" where: + * + * struct { + * NameType name_type; + * select (name_type) { + * case host_name: HostName; + * } name; + * } ServerName; + * + * enum { + * host_name(0), (255) + * } NameType; + * + * opaque HostName<1..2^16-1>; + * + * struct { + * ServerName server_name_list<1..2^16-1> + * } ServerNameList; + * + */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 ); + p += 2; + + MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 ); + p += 2; + + MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 ); + p += 2; + + *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ); + + MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 ); + p += 2; + + memcpy( p, ssl->hostname, hostname_len ); + + *olen = hostname_len + 9; + + return( 0 ); +} +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_TLS_C */ From da5af22015deb8dff73b56e35caf762131a38007 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Dec 2021 18:45:45 +0800 Subject: [PATCH 07/48] tls13_only: add tls13_only test component Signed-off-by: Jerry Yu --- tests/configs/tls13-only.h | 58 ++++++++++++++++++++++++++++++++++++++ tests/scripts/all.sh | 8 ++++++ 2 files changed, 66 insertions(+) create mode 100644 tests/configs/tls13-only.h diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h new file mode 100644 index 0000000000..fa043b7b13 --- /dev/null +++ b/tests/configs/tls13-only.h @@ -0,0 +1,58 @@ +/* MBEDTLS_USER_CONFIG_FILE for testing. + * Only used for a few test configurations. + * + * Typical usage (note multiple levels of quoting): + * make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC +#endif + +#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) +#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#undef MBEDTLS_SSL_PROTO_TLS1_2 +#endif + +#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_SSL_PROTO_TLS1_3 +#endif + +#if !defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) +#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +#endif + +#if defined(MBEDTLS_SSL_PROTO_DTLS) +#undef MBEDTLS_SSL_PROTO_DTLS +#endif + +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY +#endif + +#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) +#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY +#endif + +#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) +#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd38cdb149..e387cbfb7b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2705,6 +2705,14 @@ component_build_armcc () { armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" } +component_test_tls13_only_build () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 only, without MBEDTLS_SSL_PROTO_TLS1_2" + make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + + msg "ssl-opt.sh (TLS 1.3)" + if_build_succeeded tests/ssl-opt.sh +} + component_test_tls13 () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 From 72a0565e13942b6c2520bba6be95bb9b7d04093e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 14:36:30 +0800 Subject: [PATCH 08/48] docs: Add version support description Signed-off-by: Jerry Yu --- docs/architecture/tls13-support.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index bef3a35660..f374e99cf8 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -120,7 +120,22 @@ MVP definition the three first ones in the list above are mandatory (see section 9.1 of the specification). -- Supported versions: only TLS 1.3, version negotiation is not supported. +- Supported versions: + + - only TLS 1.3, version negotiation is not supported. + + - TLS 1.3 and 1.2 can be disable/enable with build option. One of them MUST be + enabled. Supported build options: + + | MBEDTLS_SSL_PROTO_TLS1_2 | MBEDTLS_SSL_PROTO_TLS1_3 | + | ------------------------ | ------------------------ | + | yes | no | + | no | yes | + | yes | yes | + + - If both TLS 1.3 and TLS 1.2 are enabled, only one of them can be configured + enabled via `mbedtls_ssl_conf_{min,max}_version`. Otherwise, `mbedtls_ssl_setup` + will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error. - Compatibility with existing SSL/TLS build options: From adb1869f8dd541a729445555fe0291f9cc7229ef Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Jan 2022 12:55:32 +0800 Subject: [PATCH 09/48] fix document about tls13 Signed-off-by: Jerry Yu --- docs/architecture/tls13-support.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index f374e99cf8..76010cb4ad 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -122,20 +122,16 @@ MVP definition - Supported versions: - - only TLS 1.3, version negotiation is not supported. + - TLS 1.2 and TLS 1.3 but version negotiation is not supported. - - TLS 1.3 and 1.2 can be disable/enable with build option. One of them MUST be - enabled. Supported build options: + - TLS 1.3 can be enabled in the build (MBEDTLS_SSL_PROTO_TLS1_3 configuration + option) without TLS 1.2 (MBEDTLS_SSL_PROTO_TLS1_2 configuration option). - | MBEDTLS_SSL_PROTO_TLS1_2 | MBEDTLS_SSL_PROTO_TLS1_3 | - | ------------------------ | ------------------------ | - | yes | no | - | no | yes | - | yes | yes | + - TLS 1.2 can be enabled in the build independently of TLS 1.3. - - If both TLS 1.3 and TLS 1.2 are enabled, only one of them can be configured - enabled via `mbedtls_ssl_conf_{min,max}_version`. Otherwise, `mbedtls_ssl_setup` - will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error. + - If both TLS 1.3 and TLS 1.2 are enabled at build time, only one of them can + be configured at runtime via `mbedtls_ssl_conf_{min,max}_version`. Otherwise, + `mbedtls_ssl_setup` will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error. - Compatibility with existing SSL/TLS build options: From 81d5e1fecad65eaf9315e370ea2b97d218be4f13 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Jan 2022 13:01:01 +0800 Subject: [PATCH 10/48] fix various issues Signed-off-by: Jerry Yu --- tests/configs/tls13-only.h | 20 +------------------- tests/scripts/all.sh | 4 ++-- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index fa043b7b13..faba2325dd 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -21,17 +21,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #undef MBEDTLS_SSL_PROTO_TLS1_2 -#endif #if !defined(MBEDTLS_SSL_PROTO_TLS1_3) #define MBEDTLS_SSL_PROTO_TLS1_3 @@ -41,18 +34,7 @@ #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE #endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) #undef MBEDTLS_SSL_PROTO_DTLS -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY -#endif - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e387cbfb7b..8091e258bb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2705,8 +2705,8 @@ component_build_armcc () { armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" } -component_test_tls13_only_build () { - msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 only, without MBEDTLS_SSL_PROTO_TLS1_2" +component_test_tls13_only () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "ssl-opt.sh (TLS 1.3)" From 7d2396332d7736dc2ee2c87d5f56ae1698410201 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Jan 2022 14:16:44 +0800 Subject: [PATCH 11/48] fix wrong setting of max_minor version Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e7fc8eaeca..4b399eb15e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -89,10 +89,10 @@ /* Determine maximum supported version */ #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4 +#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) +#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* Shorthand for restartable ECC */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bff2a95230..e7bd09088e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6922,7 +6922,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* Hybrid TLS 1.2/1.3 is not supported yet */ + conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; +#else conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; @@ -6961,7 +6966,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, MBEDTLS_SSL_MIN_MINOR_VERSION : MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* Hybrid TLS 1.2/1.3 is not supported yet */ + conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; +#else conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) From db8c48aaff2235dc9469ad5561f6fa322498a9f0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Jan 2022 14:54:54 +0800 Subject: [PATCH 12/48] tls13_only:Remove unnecessary functions Signed-off-by: Jerry Yu --- library/ssl_tls.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e7bd09088e..5baff0cce9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -333,6 +333,7 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, @@ -574,19 +575,28 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen, } #endif /* MBEDTLS_SHA384_C */ -static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); #endif #if defined(MBEDTLS_SHA384_C) -static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +#if defined(MBEDTLS_SHA256_C) +static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); +#endif + +#if defined(MBEDTLS_SHA384_C) +static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); +#endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1123,6 +1133,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, (void) minor_ver; (void) handshake; #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && @@ -1146,6 +1157,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ return( 0 ); } @@ -1359,7 +1371,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char *hash, @@ -2513,7 +2525,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #endif } #endif - +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) @@ -2665,7 +2677,7 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } #endif /* MBEDTLS_SHA384_C */ - +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); From fb4b6478ee1fe3ba697a09cc915766d7f4d0bfe2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Jan 2022 15:03:26 +0800 Subject: [PATCH 13/48] tls13_only: improve guards of files. To improve readability of the preprocess guards. Signed-off-by: Jerry Yu --- library/ssl_cli.c | 8 ++------ library/ssl_srv.c | 8 ++------ library/ssl_tls13_client.c | 8 +++----- library/ssl_tls13_generic.c | 8 ++------ library/ssl_tls13_server.c | 8 ++------ 5 files changed, 11 insertions(+), 29 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4b151f5f3b..2f29ede1f0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -19,9 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_SSL_CLI_C) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -4056,6 +4054,4 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) return( ret ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#endif /* MBEDTLS_SSL_CLI_C */ +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c8f0e7f9f7..61c3e6a5c1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -19,9 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_SSL_SRV_C) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -4408,6 +4406,4 @@ void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ) conf->respect_cli_pref = order; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#endif /* MBEDTLS_SSL_SRV_C */ +#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f556c0f26b..d599ef3ae4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -21,9 +21,7 @@ #include "common.h" -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_CLI_C) &&defined(MBEDTLS_SSL_PROTO_TLS1_3) #include @@ -2059,6 +2057,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) return( ret ); } -#endif /* MBEDTLS_SSL_CLI_C */ +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */ + -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1ad03a9b1a..d1646ebd2b 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -19,9 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_SSL_TLS_C) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) #include @@ -1276,6 +1274,4 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl ) return( ret ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#endif /* MBEDTLS_SSL_TLS_C */ +#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5e74083ddf..b5f3ad738d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -19,9 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "mbedtls/debug.h" @@ -38,6 +36,4 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */ From e754193e87b74343996947dfdd91213d3dbd366c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 28 Jan 2022 10:21:24 +0800 Subject: [PATCH 14/48] Remove guard inside ssl_srv.c Signed-off-by: Jerry Yu --- library/ssl_srv.c | 49 ++++++++++++----------------------------------- 1 file changed, 12 insertions(+), 37 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 61c3e6a5c1..e9febfd843 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -224,8 +224,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, return( 0 ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Status of the implementation of signature-algorithms extension: @@ -313,8 +312,7 @@ static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1054,8 +1052,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, { const mbedtls_ssl_ciphersuite_t *suite_info; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_pk_type_t sig_type; #endif @@ -1115,8 +1112,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) @@ -1131,8 +1127,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) /* @@ -1178,11 +1173,9 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) /* If there is no signature-algorithm extension present, * we need to fall back to the default values for allowed * signature-hash pairs. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) int sig_hash_alg_ext_present = 0; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); @@ -1670,8 +1663,7 @@ read_record_header: return( ret ); break; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); @@ -1681,8 +1673,7 @@ read_record_header: sig_hash_alg_ext_present = 1; break; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1794,8 +1785,7 @@ read_record_header: ext += 4 + ext_size; } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Try to fall back to default hash SHA1 if the client @@ -1815,8 +1805,7 @@ read_record_header: md_default ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -1956,7 +1945,6 @@ have_ciphersuite: /* Debugging-only output for testsuite */ #if defined(MBEDTLS_DEBUG_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { @@ -2794,7 +2782,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) p += ct_len; sa_len = 0; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + /* * Add signature_algorithms for verify (TLS 1.2) * @@ -2834,7 +2822,6 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) sa_len += 2; p += sa_len; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* * DistinguishedName certificate_authorities<0..2^16-1>; @@ -3167,7 +3154,6 @@ curve_matching_done: mbedtls_md_type_t md_alg; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) @@ -3189,14 +3175,12 @@ curve_matching_done: MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) ); /* * 2.2: Compute the hash to be signed */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, @@ -3207,7 +3191,6 @@ curve_matching_done: return( ret ); } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -3218,7 +3201,6 @@ curve_matching_done: /* * 2.3: Compute and add the signature */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { /* @@ -3242,7 +3224,6 @@ curve_matching_done: ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg( sig_alg ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_sign_start != NULL ) @@ -3522,7 +3503,6 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, /* * Prepare to decrypt the premaster using own private RSA key */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if ( p + 2 > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); @@ -3533,7 +3513,6 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } -#endif if( p + len != end ) { @@ -4063,9 +4042,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) unsigned char hash[48]; unsigned char *hash_start = hash; size_t hashlen; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_pk_type_t pk_alg; -#endif mbedtls_md_type_t md_alg; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -4133,7 +4110,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) * opaque signature<0..2^16-1>; * } DigitallySigned; */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { if( i + 2 > ssl->in_hslen ) @@ -4187,7 +4163,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) i++; } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); From 6331909d12b564057f29f28498fd47c33244054d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 28 Jan 2022 10:22:45 +0800 Subject: [PATCH 15/48] remove ifndef guard Signed-off-by: Jerry Yu --- tests/configs/tls13-only.h | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index faba2325dd..0a22c544b7 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -22,18 +22,12 @@ * limitations under the License. */ +#define MBEDTLS_SSL_PROTO_TLS1_3 +#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET #undef MBEDTLS_SSL_PROTO_TLS1_2 - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define MBEDTLS_SSL_PROTO_TLS1_3 -#endif - -#if !defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) -#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -#endif - #undef MBEDTLS_SSL_PROTO_DTLS #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY From cc43c6bee5c0f18cc53adda07eed3523394ed9b8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 28 Jan 2022 10:24:45 +0800 Subject: [PATCH 16/48] fix coding style issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d599ef3ae4..7f120a28ef 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -21,7 +21,7 @@ #include "common.h" -#if defined(MBEDTLS_SSL_CLI_C) &&defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) #include From bef175db96c6dd37fae2858a2ebecf71a8d6666d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 28 Jan 2022 10:52:05 +0800 Subject: [PATCH 17/48] Wrap derive_keys with TLS1_2 option Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 +++ library/ssl_tls.c | 13 +++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4b399eb15e..0656439678 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1140,7 +1140,10 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5baff0cce9..4dd885f17e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1114,6 +1114,7 @@ end: return( ret ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Set appropriate PRF function and other SSL / TLS1.2 functions * @@ -1128,12 +1129,6 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, int minor_ver, mbedtls_md_type_t hash ) { -#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C) - (void) hash; - (void) minor_ver; - (void) handshake; -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA384_C) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && @@ -1155,9 +1150,12 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, else #endif { + (void) hash; + (void) minor_ver; + (void) handshake; return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + return( 0 ); } @@ -1371,7 +1369,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char *hash, From bd19287a8ec120b7188a84e4add2b73057f2b878 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Feb 2022 10:20:53 +0800 Subject: [PATCH 18/48] fix docs issue Signed-off-by: Jerry Yu --- docs/architecture/tls13-support.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index 76010cb4ad..39e46c4562 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -124,8 +124,9 @@ MVP definition - TLS 1.2 and TLS 1.3 but version negotiation is not supported. - - TLS 1.3 can be enabled in the build (MBEDTLS_SSL_PROTO_TLS1_3 configuration - option) without TLS 1.2 (MBEDTLS_SSL_PROTO_TLS1_2 configuration option). + - TLS 1.3 cannot be enabled in the build (MBEDTLS_SSL_PROTO_TLS1_3 + configuration option) without TLS 1.2 (MBEDTLS_SSL_PROTO_TLS1_2 configuration + option). - TLS 1.2 can be enabled in the build independently of TLS 1.3. From c73c6180940c466f30d7cecd4c4f108fea4bf2b2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Feb 2022 20:29:25 +0800 Subject: [PATCH 19/48] Wrap function not used by test_tls13_only Signed-off-by: Jerry Yu # Conflicts: # library/ssl_tls13_generic.c --- library/ssl_tls.c | 224 +++++++++++++++++++++++----------------------- 1 file changed, 112 insertions(+), 112 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4dd885f17e..0204f010ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1114,6 +1114,114 @@ end: return( ret ); } +#if defined(MBEDTLS_X509_CRT_PARSE_C) +static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) +{ +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + if( session->peer_cert != NULL ) + { + mbedtls_x509_crt_free( session->peer_cert ); + mbedtls_free( session->peer_cert ); + session->peer_cert = NULL; + } +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + if( session->peer_cert_digest != NULL ) + { + /* Zeroization is not necessary. */ + mbedtls_free( session->peer_cert_digest ); + session->peer_cert_digest = NULL; + session->peer_cert_digest_type = MBEDTLS_MD_NONE; + session->peer_cert_digest_len = 0; + } +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +} +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + +void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) +{ + ((void) ciphersuite_info); + +#if defined(MBEDTLS_SHA384_C) + if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) + ssl->handshake->update_checksum = ssl_update_checksum_sha384; + else +#endif +#if defined(MBEDTLS_SHA256_C) + if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) + ssl->handshake->update_checksum = ssl_update_checksum_sha256; + else +#endif + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return; + } +} + +void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) +{ + ((void) ssl); +#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_abort( &ssl->handshake->fin_sha256_psa ); + psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); +#else + mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); +#endif +#endif +#if defined(MBEDTLS_SHA384_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_abort( &ssl->handshake->fin_sha384_psa ); + psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); +#else + mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); +#endif +#endif +} + +static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len ) +{ +#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); +#else + mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); +#endif +#endif +#if defined(MBEDTLS_SHA384_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); +#else + mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); +#endif +#endif +} + +#if defined(MBEDTLS_SHA256_C) +static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); +#else + mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); +#endif +} +#endif + +#if defined(MBEDTLS_SHA384_C) +static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); +#else + mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); +#endif +} +#endif + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Set appropriate PRF function and other SSL / TLS1.2 functions @@ -1466,7 +1574,6 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, return; } #endif /* MBEDTLS_SHA384_C */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) @@ -1625,29 +1732,6 @@ int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) #endif #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) -{ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( session->peer_cert != NULL ) - { - mbedtls_x509_crt_free( session->peer_cert ); - mbedtls_free( session->peer_cert ); - session->peer_cert = NULL; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( session->peer_cert_digest != NULL ) - { - /* Zeroization is not necessary. */ - mbedtls_free( session->peer_cert_digest ); - session->peer_cert_digest = NULL; - session->peer_cert_digest_type = MBEDTLS_MD_NONE; - session->peer_cert_digest_len = 0; - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - /* * Handshake functions */ @@ -1998,7 +2082,6 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) return( -1 ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && @@ -2007,7 +2090,6 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); return( 0 ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ return( -1 ); } #endif /* MBEDTLS_SSL_SRV_C */ @@ -2438,91 +2520,6 @@ exit: } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) -{ - ((void) ciphersuite_info); - -#if defined(MBEDTLS_SHA384_C) - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - ssl->handshake->update_checksum = ssl_update_checksum_sha384; - else -#endif -#if defined(MBEDTLS_SHA256_C) - if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) - ssl->handshake->update_checksum = ssl_update_checksum_sha256; - else -#endif - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return; - } -} - -void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) -{ - ((void) ssl); -#if defined(MBEDTLS_SHA256_C) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &ssl->handshake->fin_sha256_psa ); - psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); -#else - mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); -#endif -#endif -#if defined(MBEDTLS_SHA384_C) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &ssl->handshake->fin_sha384_psa ); - psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); -#else - mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); -#endif -#endif -} - -static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ -#if defined(MBEDTLS_SHA256_C) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); -#else - mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); -#endif -#endif -#if defined(MBEDTLS_SHA384_C) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); -#else - mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); -#endif -#endif -} - -#if defined(MBEDTLS_SHA256_C) -static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); -#else - mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); -#endif -} -#endif - -#if defined(MBEDTLS_SHA384_C) -static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); -#else - mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); -#endif -} -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) @@ -2674,7 +2671,7 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } #endif /* MBEDTLS_SHA384_C */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); @@ -2959,6 +2956,8 @@ exit: return( ret ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) { memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); @@ -7844,6 +7843,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, unsigned char *buf, From 53d23e2c95b7a45821fbafbdc32dcddf5c4143f7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 9 Feb 2022 16:25:09 +0800 Subject: [PATCH 20/48] Guards tls_prf functions with TLS1_2 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 59 +++++++++++++++------------- tests/suites/test_suite_ssl.function | 4 +- 2 files changed, 35 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0204f010ac..bb514cd1fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -577,7 +577,7 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); @@ -590,13 +590,15 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char * #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); + #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -#endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA384_C) static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -#endif +#endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) @@ -620,28 +622,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) -{ - ((void) tls_prf); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA384_C) - if( tls_prf == tls_prf_sha384 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA384 ); - } - else -#endif -#if defined(MBEDTLS_SHA256_C) - if( tls_prf == tls_prf_sha256 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA256 ); - } - else -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - return( MBEDTLS_SSL_TLS_PRF_NONE ); -} - int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, @@ -671,6 +651,30 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) || \ + defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) +{ + ((void) tls_prf); +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA384_C) + if( tls_prf == tls_prf_sha384 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA384 ); + } + else +#endif +#if defined(MBEDTLS_SHA256_C) + if( tls_prf == tls_prf_sha256 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA256 ); + } + else +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + return( MBEDTLS_SSL_TLS_PRF_NONE ); +} + /* Type for the TLS PRF */ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, const unsigned char *, size_t, @@ -1113,6 +1117,7 @@ end: mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); return( ret ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 || MBEDTLS_SSL_CONTEXT_SERIALIZATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) @@ -6214,10 +6219,10 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) (void) ciphersuite_id; #endif return( tls_prf_sha256 ); -#else +#else /* MBEDTLS_SSL_PROTO_TLS1_2 */ (void) ciphersuite_id; return( NULL ); -#endif +#endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */ } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 53f541fad3..f03d99242b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1186,6 +1186,7 @@ int psk_dummy_callback( void *p_info, mbedtls_ssl_context *ssl, #define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, @@ -1226,6 +1227,7 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, iv, iv_len, input, ilen, output, olen ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, @@ -4198,7 +4200,7 @@ void ssl_tls13_key_evolution( int hash_alg, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */ void ssl_tls_prf( int type, data_t * secret, data_t * random, char *label, data_t *result_str, int exp_ret ) { From baa4934e7b9d1af481ac06965299bbd35b43cb69 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 15 Feb 2022 10:26:40 +0800 Subject: [PATCH 21/48] Add check tests Signed-off-by: Jerry Yu --- tests/scripts/all.sh | 3 + tests/ssl-opt.sh | 1 + tests/suites/test_suite_ssl.data | 86 +++++++++++++++++++++------- tests/suites/test_suite_ssl.function | 6 +- 4 files changed, 75 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8091e258bb..0c2d9ddf6b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2709,6 +2709,9 @@ component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2" + if_build_succeeded make test + msg "ssl-opt.sh (TLS 1.3)" if_build_succeeded tests/ssl-opt.sh } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2aa2657cef..dd05716edd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2815,6 +2815,7 @@ run_test "Session resume using tickets: basic" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "Session resume using tickets: manual rotation" \ "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 4400afa105..d15f83bc40 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -104,111 +104,147 @@ Test mbedtls_endpoint sanity for the server mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER Test moving clients handshake to state: HELLO_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving clients handshake to state: CLIENT_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1 Test moving servers handshake to state: CLIENT_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0 Negative test moving servers ssl to state: NEW_SESSION_TICKET +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 Handshake, tls1_2 @@ -272,9 +308,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS handshake_serialization DTLS Handshake fragmentation, MFL=512 +depends_on:MBEDTLS_SSL_PROTO_DTLS handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1 DTLS Handshake fragmentation, MFL=1024 +depends_on:MBEDTLS_SSL_PROTO_DTLS handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1 Handshake min/max version check, all -> 1.2 @@ -619,15 +657,19 @@ SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice ssl_set_hostname_twice:"server0":"server1" SSL session serialization: Wrong major version +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_session_serialize_version_check:1:0:0:0 SSL session serialization: Wrong minor version +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_session_serialize_version_check:0:1:0:0 SSL session serialization: Wrong patch version +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_session_serialize_version_check:0:0:1:0 SSL session serialization: Wrong config +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_session_serialize_version_check:0:0:0:1 Record crypt, AES-128-CBC, 1.2, SHA-384 @@ -4559,95 +4601,99 @@ depends_on:!MBEDTLS_SHA256_C ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE Session serialization, save-load: no ticket, no cert +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_load:0:"" Session serialization, save-load: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_load:42:"" Session serialization, save-load: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_load:1023:"" Session serialization, save-load: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_load:0:"data_files/server5.crt" Session serialization, save-load: small ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_load:42:"data_files/server5.crt" Session serialization, save-load: large ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_load:1023:"data_files/server5.crt" Session serialization, load-save: no ticket, no cert +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_load_save:0:"" Session serialization, load-save: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_load_save:42:"" Session serialization, load-save: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_load_save:1023:"" Session serialization, load-save: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_load_save:0:"data_files/server5.crt" Session serialization, load-save: small ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_load_save:42:"data_files/server5.crt" Session serialization, load-save: large ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_load_save:1023:"data_files/server5.crt" Session serialization, save buffer size: no ticket, no cert +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_buf_size:0:"" Session serialization, save buffer size: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_buf_size:42:"" Session serialization, save buffer size: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_buf_size:1023:"" Session serialization, save buffer size: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_save_buf_size:0:"data_files/server5.crt" Session serialization, save buffer size: small ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_save_buf_size:42:"data_files/server5.crt" Session serialization, save buffer size: large ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt" Session serialization, load buffer size: no ticket, no cert +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_serialize_session_load_buf_size:0:"" Session serialization, load buffer size: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C ssl_serialize_session_load_buf_size:42:"" Session serialization, load buffer size: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C ssl_serialize_session_load_buf_size:1023:"" Session serialization, load buffer size: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_load_buf_size:0:"data_files/server5.crt" Session serialization, load buffer size: small ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_load_buf_size:42:"data_files/server5.crt" Session serialization, load buffer size: large ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt" Constant-flow HMAC: MD5 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f03d99242b..cbdb88f6f3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5038,9 +5038,13 @@ void conf_curve() mbedtls_ssl_config conf; mbedtls_ssl_config_init( &conf ); - +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_ssl_conf_max_version( &conf, 3, 3 ); mbedtls_ssl_conf_min_version( &conf, 3, 3 ); +#else + mbedtls_ssl_conf_max_version( &conf, 3, 4 ); + mbedtls_ssl_conf_min_version( &conf, 3, 4 ); +#endif mbedtls_ssl_conf_curves( &conf, curve_list ); mbedtls_ssl_context ssl; From ed14c9300845b06e4ba463aa4a1e225ec1feb60d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 13:40:45 +0800 Subject: [PATCH 22/48] add static prototypes prepare for moving functions Signed-off-by: Jerry Yu --- library/ssl_tls.c | 72 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 59 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb514cd1fc..16cd454cdc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -333,6 +333,65 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ); + +static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ); + +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ + +/* Type for the TLS PRF */ +typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, + const unsigned char *, size_t, + unsigned char *, size_t); + +static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, + int ciphersuite, + const unsigned char master[48], +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + int encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + ssl_tls_prf_t tls_prf, + const unsigned char randbytes[64], + int minor_ver, + unsigned endpoint, + const mbedtls_ssl_context *ssl ); + +#if defined(MBEDTLS_SHA256_C) +static int tls_prf_sha256( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ); +static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); +static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); + +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) +static int tls_prf_sha384( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ); + +static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); +static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); +#endif /* MBEDTLS_SHA384_C */ + +static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len ); +static int ssl_session_load_tls12( mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -577,19 +636,6 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA256_C) -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); -static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); -#endif - -#if defined(MBEDTLS_SHA384_C) -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); -static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); #if defined(MBEDTLS_SHA256_C) From dc7bd17d11d02b95d973a25aa2413795c51e3ce3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 13:44:15 +0800 Subject: [PATCH 23/48] move tls_prf_sha256/384 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 491 +++++++++++++++++++++++----------------------- 1 file changed, 247 insertions(+), 244 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 16cd454cdc..bb56583e1b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -392,250 +392,6 @@ static int ssl_session_load_tls12( mbedtls_ssl_session *session, size_t len ); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - -static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char* seed, size_t seed_length, - const unsigned char* label, size_t label_length, - size_t capacity ) -{ - psa_status_t status; - - status = psa_key_derivation_setup( derivation, alg ); - if( status != PSA_SUCCESS ) - return( status ); - - if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) - { - status = psa_key_derivation_input_bytes( derivation, - PSA_KEY_DERIVATION_INPUT_SEED, - seed, seed_length ); - if( status != PSA_SUCCESS ) - return( status ); - - if( mbedtls_svc_key_id_is_null( key ) ) - { - status = psa_key_derivation_input_bytes( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - NULL, 0 ); - } - else - { - status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key ); - } - if( status != PSA_SUCCESS ) - return( status ); - - status = psa_key_derivation_input_bytes( derivation, - PSA_KEY_DERIVATION_INPUT_LABEL, - label, label_length ); - if( status != PSA_SUCCESS ) - return( status ); - } - else - { - return( PSA_ERROR_NOT_SUPPORTED ); - } - - status = psa_key_derivation_set_capacity( derivation, capacity ); - if( status != PSA_SUCCESS ) - return( status ); - - return( PSA_SUCCESS ); -} - -static int tls_prf_generic( mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ - psa_status_t status; - psa_algorithm_t alg; - mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if( md_type == MBEDTLS_MD_SHA384 ) - alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); - else - alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); - - /* Normally a "secret" should be long enough to be impossible to - * find by brute force, and in particular should not be empty. But - * this PRF is also used to derive an IV, in particular in EAP-TLS, - * and for this use case it makes sense to have a 0-length "secret". - * Since the key API doesn't allow importing a key of length 0, - * keep master_key=0, which setup_psa_key_derivation() understands - * to mean a 0-length "secret" input. */ - if( slen != 0 ) - { - psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &key_attributes, alg ); - psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); - - status = psa_import_key( &key_attributes, secret, slen, &master_key ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - status = setup_psa_key_derivation( &derivation, - master_key, alg, - random, rlen, - (unsigned char const *) label, - (size_t) strlen( label ), - dlen ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - status = psa_key_derivation_abort( &derivation ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - if( ! mbedtls_svc_key_id_is_null( master_key ) ) - status = psa_destroy_key( master_key ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - - return( 0 ); -} - -#else /* MBEDTLS_USE_PSA_CRYPTO */ - -static int tls_prf_generic( mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ - size_t nb; - size_t i, j, k, md_len; - unsigned char *tmp; - size_t tmp_len = 0; - unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_init( &md_ctx ); - - if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - md_len = mbedtls_md_get_size( md_info ); - - tmp_len = md_len + strlen( label ) + rlen; - tmp = mbedtls_calloc( 1, tmp_len ); - if( tmp == NULL ) - { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - - nb = strlen( label ); - memcpy( tmp + md_len, label, nb ); - memcpy( tmp + md_len + nb, random, rlen ); - nb += rlen; - - /* - * Compute P_(secret, label + random)[0..dlen] - */ - if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - goto exit; - - ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen ); - if( ret != 0 ) - goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); - if( ret != 0 ) - goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); - if( ret != 0 ) - goto exit; - - for( i = 0; i < dlen; i += md_len ) - { - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) - goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); - if( ret != 0 ) - goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, h_i ); - if( ret != 0 ) - goto exit; - - ret = mbedtls_md_hmac_reset ( &md_ctx ); - if( ret != 0 ) - goto exit; - ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); - if( ret != 0 ) - goto exit; - ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); - if( ret != 0 ) - goto exit; - - k = ( i + md_len > dlen ) ? dlen % md_len : md_len; - - for( j = 0; j < k; j++ ) - dstbuf[i + j] = h_i[j]; - } - -exit: - mbedtls_md_free( &md_ctx ); - - mbedtls_platform_zeroize( tmp, tmp_len ); - mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); - - mbedtls_free( tmp ); - - return( ret ); -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SHA256_C) -static int tls_prf_sha256( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ - return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, - label, random, rlen, dstbuf, dlen ) ); -} -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) -static int tls_prf_sha384( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ - return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, - label, random, rlen, dstbuf, dlen ) ); -} -#endif /* MBEDTLS_SHA384_C */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); #if defined(MBEDTLS_SHA256_C) @@ -7965,4 +7721,251 @@ int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + +static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const unsigned char* seed, size_t seed_length, + const unsigned char* label, size_t label_length, + size_t capacity ) +{ + psa_status_t status; + + status = psa_key_derivation_setup( derivation, alg ); + if( status != PSA_SUCCESS ) + return( status ); + + if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) + { + status = psa_key_derivation_input_bytes( derivation, + PSA_KEY_DERIVATION_INPUT_SEED, + seed, seed_length ); + if( status != PSA_SUCCESS ) + return( status ); + + if( mbedtls_svc_key_id_is_null( key ) ) + { + status = psa_key_derivation_input_bytes( + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, + NULL, 0 ); + } + else + { + status = psa_key_derivation_input_key( + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key ); + } + if( status != PSA_SUCCESS ) + return( status ); + + status = psa_key_derivation_input_bytes( derivation, + PSA_KEY_DERIVATION_INPUT_LABEL, + label, label_length ); + if( status != PSA_SUCCESS ) + return( status ); + } + else + { + return( PSA_ERROR_NOT_SUPPORTED ); + } + + status = psa_key_derivation_set_capacity( derivation, capacity ); + if( status != PSA_SUCCESS ) + return( status ); + + return( PSA_SUCCESS ); +} + +static int tls_prf_generic( mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ) +{ + psa_status_t status; + psa_algorithm_t alg; + mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_derivation_operation_t derivation = + PSA_KEY_DERIVATION_OPERATION_INIT; + + if( md_type == MBEDTLS_MD_SHA384 ) + alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); + else + alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); + + /* Normally a "secret" should be long enough to be impossible to + * find by brute force, and in particular should not be empty. But + * this PRF is also used to derive an IV, in particular in EAP-TLS, + * and for this use case it makes sense to have a 0-length "secret". + * Since the key API doesn't allow importing a key of length 0, + * keep master_key=0, which setup_psa_key_derivation() understands + * to mean a 0-length "secret" input. */ + if( slen != 0 ) + { + psa_key_attributes_t key_attributes = psa_key_attributes_init(); + psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &key_attributes, alg ); + psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); + + status = psa_import_key( &key_attributes, secret, slen, &master_key ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = setup_psa_key_derivation( &derivation, + master_key, alg, + random, rlen, + (unsigned char const *) label, + (size_t) strlen( label ), + dlen ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + psa_destroy_key( master_key ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + psa_destroy_key( master_key ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_key_derivation_abort( &derivation ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( master_key ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + if( ! mbedtls_svc_key_id_is_null( master_key ) ) + status = psa_destroy_key( master_key ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + return( 0 ); +} + +#else /* MBEDTLS_USE_PSA_CRYPTO */ + +static int tls_prf_generic( mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ) +{ + size_t nb; + size_t i, j, k, md_len; + unsigned char *tmp; + size_t tmp_len = 0; + unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; + const mbedtls_md_info_t *md_info; + mbedtls_md_context_t md_ctx; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + mbedtls_md_init( &md_ctx ); + + if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + md_len = mbedtls_md_get_size( md_info ); + + tmp_len = md_len + strlen( label ) + rlen; + tmp = mbedtls_calloc( 1, tmp_len ); + if( tmp == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + + nb = strlen( label ); + memcpy( tmp + md_len, label, nb ); + memcpy( tmp + md_len + nb, random, rlen ); + nb += rlen; + + /* + * Compute P_(secret, label + random)[0..dlen] + */ + if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) + goto exit; + + ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen ); + if( ret != 0 ) + goto exit; + ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); + if( ret != 0 ) + goto exit; + ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); + if( ret != 0 ) + goto exit; + + for( i = 0; i < dlen; i += md_len ) + { + ret = mbedtls_md_hmac_reset ( &md_ctx ); + if( ret != 0 ) + goto exit; + ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); + if( ret != 0 ) + goto exit; + ret = mbedtls_md_hmac_finish( &md_ctx, h_i ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_md_hmac_reset ( &md_ctx ); + if( ret != 0 ) + goto exit; + ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); + if( ret != 0 ) + goto exit; + ret = mbedtls_md_hmac_finish( &md_ctx, tmp ); + if( ret != 0 ) + goto exit; + + k = ( i + md_len > dlen ) ? dlen % md_len : md_len; + + for( j = 0; j < k; j++ ) + dstbuf[i + j] = h_i[j]; + } + +exit: + mbedtls_md_free( &md_ctx ); + + mbedtls_platform_zeroize( tmp, tmp_len ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); + + mbedtls_free( tmp ); + + return( ret ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_SHA256_C) +static int tls_prf_sha256( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ) +{ + return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, + label, random, rlen, dstbuf, dlen ) ); +} +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) +static int tls_prf_sha384( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ) +{ + return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, + label, random, rlen, dstbuf, dlen ) ); +} +#endif /* MBEDTLS_SHA384_C */ + +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + #endif /* MBEDTLS_SSL_TLS_C */ From f009d8618673a0f4ac30d155ba09fb471efdebeb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:01:37 +0800 Subject: [PATCH 24/48] move set_handshake_prfs Signed-off-by: Jerry Yu --- library/ssl_tls.c | 87 +++++++++++++++++++++++------------------------ 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb56583e1b..71a63b3346 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1030,50 +1030,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Set appropriate PRF function and other SSL / TLS1.2 functions - * - * Inputs: - * - SSL/TLS minor version - * - hash associated with the ciphersuite (only used by TLS 1.2) - * - * Outputs: - * - the tls_prf, calc_verify and calc_finished members of handshake structure - */ -static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, - int minor_ver, - mbedtls_md_type_t hash ) -{ - -#if defined(MBEDTLS_SHA384_C) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - hash == MBEDTLS_MD_SHA384 ) - { - handshake->tls_prf = tls_prf_sha384; - handshake->calc_verify = ssl_calc_verify_tls_sha384; - handshake->calc_finished = ssl_calc_finished_tls_sha384; - } - else -#endif -#if defined(MBEDTLS_SHA256_C) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - handshake->tls_prf = tls_prf_sha256; - handshake->calc_verify = ssl_calc_verify_tls_sha256; - handshake->calc_finished = ssl_calc_finished_tls_sha256; - } - else -#endif - { - (void) hash; - (void) minor_ver; - (void) handshake; - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - - return( 0 ); -} /* * Compute master secret if needed @@ -7966,6 +7922,49 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen, } #endif /* MBEDTLS_SHA384_C */ +/* + * Set appropriate PRF function and other SSL / TLS1.2 functions + * + * Inputs: + * - SSL/TLS minor version + * - hash associated with the ciphersuite (only used by TLS 1.2) + * + * Outputs: + * - the tls_prf, calc_verify and calc_finished members of handshake structure + */ +static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, + int minor_ver, + mbedtls_md_type_t hash ) +{ + +#if defined(MBEDTLS_SHA384_C) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + hash == MBEDTLS_MD_SHA384 ) + { + handshake->tls_prf = tls_prf_sha384; + handshake->calc_verify = ssl_calc_verify_tls_sha384; + handshake->calc_finished = ssl_calc_finished_tls_sha384; + } + else +#endif +#if defined(MBEDTLS_SHA256_C) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + { + handshake->tls_prf = tls_prf_sha256; + handshake->calc_verify = ssl_calc_verify_tls_sha256; + handshake->calc_finished = ssl_calc_finished_tls_sha256; + } + else +#endif + { + (void) hash; + (void) minor_ver; + (void) handshake; + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + return( 0 ); +} #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From d6ab2359725ddba16960ee25503e26e28d5df41e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:03:43 +0800 Subject: [PATCH 25/48] move use_opaque_psk Signed-off-by: Jerry Yu --- library/ssl_tls.c | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 71a63b3346..f8d4d2a834 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -402,28 +402,6 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned ch static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); #endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) -static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) -{ - if( ssl->conf->f_psk != NULL ) - { - /* If we've used a callback to select the PSK, - * the static configuration is irrelevant. */ - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( 1 ); - - return( 0 ); - } - - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( 1 ); - - return( 0 ); -} -#endif /* MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, @@ -7965,6 +7943,29 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, return( 0 ); } + +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) +{ + if( ssl->conf->f_psk != NULL ) + { + /* If we've used a callback to select the PSK, + * the static configuration is irrelevant. */ + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) + return( 1 ); + + return( 0 ); + } + + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) + return( 1 ); + + return( 0 ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO && + MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 2a7b5ac79185c029c07c7bd295aa745d2841d52e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:07:00 +0800 Subject: [PATCH 26/48] move compute_master Signed-off-by: Jerry Yu --- library/ssl_tls.c | 282 +++++++++++++++++++++++----------------------- 1 file changed, 141 insertions(+), 141 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f8d4d2a834..d56cbbd889 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,147 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Compute master secret if needed - * - * Parameters: - * [in/out] handshake - * [in] resume, premaster, extended_ms, calc_verify, tls_prf - * (PSA-PSK) ciphersuite_info, psk_opaque - * [out] premaster (cleared) - * [out] master - * [in] ssl: optionally used for debugging, EMS and PSA-PSK - * debug: conf->f_dbg, conf->p_dbg - * EMS: passed to calc_verify (debug + session_negotiate) - * PSA-PSA: minor_ver, conf - */ -static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, - unsigned char *master, - const mbedtls_ssl_context *ssl ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* cf. RFC 5246, Section 8.1: - * "The master secret is always exactly 48 bytes in length." */ - size_t const master_secret_len = 48; - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - unsigned char session_hash[48]; -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - - /* The label for the KDF used for key expansion. - * This is either "master secret" or "extended master secret" - * depending on whether the Extended Master Secret extension - * is used. */ - char const *lbl = "master secret"; - - /* The salt for the KDF used for key expansion. - * - If the Extended Master Secret extension is not used, - * this is ClientHello.Random + ServerHello.Random - * (see Sect. 8.1 in RFC 5246). - * - If the Extended Master Secret extension is used, - * this is the transcript of the handshake so far. - * (see Sect. 4 in RFC 7627). */ - unsigned char const *salt = handshake->randbytes; - size_t salt_len = 64; - -#if !defined(MBEDTLS_DEBUG_C) && \ - !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ - !(defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) - ssl = NULL; /* make sure we don't use it except for those cases */ - (void) ssl; -#endif - - if( handshake->resume != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); - return( 0 ); - } - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) - { - lbl = "extended master secret"; - salt = session_hash; - handshake->calc_verify( ssl, session_hash, &salt_len ); - - MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret", - session_hash, salt_len ); - } -#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - ssl_use_opaque_psk( ssl ) == 1 ) - { - /* Perform PSK-to-MS expansion in a single step. */ - psa_status_t status; - psa_algorithm_t alg; - mbedtls_svc_key_id_t psk; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); - - psk = mbedtls_ssl_get_opaque_psk( ssl ); - - if( hash_alg == MBEDTLS_MD_SHA384 ) - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - else - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - - status = setup_psa_key_derivation( &derivation, psk, alg, - salt, salt_len, - (unsigned char const *) lbl, - (size_t) strlen( lbl ), - master_secret_len ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - status = psa_key_derivation_output_bytes( &derivation, - master, - master_secret_len ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - - status = psa_key_derivation_abort( &derivation ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - else -#endif - { - ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, - lbl, salt, salt_len, - master, - master_secret_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); - } - - MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", - handshake->premaster, - handshake->pmslen ); - - mbedtls_platform_zeroize( handshake->premaster, - sizeof(handshake->premaster) ); - } - - return( 0 ); -} - int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -7966,6 +7825,147 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ +/* + * Compute master secret if needed + * + * Parameters: + * [in/out] handshake + * [in] resume, premaster, extended_ms, calc_verify, tls_prf + * (PSA-PSK) ciphersuite_info, psk_opaque + * [out] premaster (cleared) + * [out] master + * [in] ssl: optionally used for debugging, EMS and PSA-PSK + * debug: conf->f_dbg, conf->p_dbg + * EMS: passed to calc_verify (debug + session_negotiate) + * PSA-PSA: minor_ver, conf + */ +static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, + unsigned char *master, + const mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* cf. RFC 5246, Section 8.1: + * "The master secret is always exactly 48 bytes in length." */ + size_t const master_secret_len = 48; + +#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) + unsigned char session_hash[48]; +#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ + + /* The label for the KDF used for key expansion. + * This is either "master secret" or "extended master secret" + * depending on whether the Extended Master Secret extension + * is used. */ + char const *lbl = "master secret"; + + /* The salt for the KDF used for key expansion. + * - If the Extended Master Secret extension is not used, + * this is ClientHello.Random + ServerHello.Random + * (see Sect. 8.1 in RFC 5246). + * - If the Extended Master Secret extension is used, + * this is the transcript of the handshake so far. + * (see Sect. 4 in RFC 7627). */ + unsigned char const *salt = handshake->randbytes; + size_t salt_len = 64; + +#if !defined(MBEDTLS_DEBUG_C) && \ + !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ + !(defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) + ssl = NULL; /* make sure we don't use it except for those cases */ + (void) ssl; +#endif + + if( handshake->resume != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); + return( 0 ); + } + +#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) + if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) + { + lbl = "extended master secret"; + salt = session_hash; + handshake->calc_verify( ssl, session_hash, &salt_len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret", + session_hash, salt_len ); + } +#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) + if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + ssl_use_opaque_psk( ssl ) == 1 ) + { + /* Perform PSK-to-MS expansion in a single step. */ + psa_status_t status; + psa_algorithm_t alg; + mbedtls_svc_key_id_t psk; + psa_key_derivation_operation_t derivation = + PSA_KEY_DERIVATION_OPERATION_INIT; + mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); + + psk = mbedtls_ssl_get_opaque_psk( ssl ); + + if( hash_alg == MBEDTLS_MD_SHA384 ) + alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); + else + alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); + + status = setup_psa_key_derivation( &derivation, psk, alg, + salt, salt_len, + (unsigned char const *) lbl, + (size_t) strlen( lbl ), + master_secret_len ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_key_derivation_output_bytes( &derivation, + master, + master_secret_len ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_key_derivation_abort( &derivation ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + else +#endif + { + ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, + lbl, salt, salt_len, + master, + master_secret_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", + handshake->premaster, + handshake->pmslen ); + + mbedtls_platform_zeroize( handshake->premaster, + sizeof(handshake->premaster) ); + } + + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From d62f87e1516ec7adeb4e498303c3c03327897055 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:09:02 +0800 Subject: [PATCH 27/48] move derive_keys Signed-off-by: Jerry Yu --- library/ssl_tls.c | 135 +++++++++++++++++++++++----------------------- 1 file changed, 67 insertions(+), 68 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d56cbbd889..c4d72a444e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,74 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); - - /* Set PRF, calc_verify and calc_finished function pointers */ - ret = ssl_set_handshake_prfs( ssl->handshake, - ssl->minor_ver, - ciphersuite_info->mac ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret ); - return( ret ); - } - - /* Compute master secret if needed */ - ret = ssl_compute_master( ssl->handshake, - ssl->session_negotiate->master, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret ); - return( ret ); - } - - /* Swap the client and server random values: - * - MS derivation wanted client+server (RFC 5246 8.1) - * - key derivation wants server+client (RFC 5246 6.3) */ - { - unsigned char tmp[64]; - memcpy( tmp, ssl->handshake->randbytes, 64 ); - memcpy( ssl->handshake->randbytes, tmp + 32, 32 ); - memcpy( ssl->handshake->randbytes + 32, tmp, 32 ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - } - - /* Populate transform structure */ - ret = ssl_tls12_populate_transform( ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session_negotiate->encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->minor_ver, - ssl->conf->endpoint, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret ); - return( ret ); - } - - /* We no longer need Server/ClientHello.random values */ - mbedtls_platform_zeroize( ssl->handshake->randbytes, - sizeof( ssl->handshake->randbytes ) ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); - - return( 0 ); -} - #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char *hash, @@ -7966,6 +7898,73 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, return( 0 ); } +int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = + ssl->handshake->ciphersuite_info; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); + + /* Set PRF, calc_verify and calc_finished function pointers */ + ret = ssl_set_handshake_prfs( ssl->handshake, + ssl->minor_ver, + ciphersuite_info->mac ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret ); + return( ret ); + } + + /* Compute master secret if needed */ + ret = ssl_compute_master( ssl->handshake, + ssl->session_negotiate->master, + ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret ); + return( ret ); + } + + /* Swap the client and server random values: + * - MS derivation wanted client+server (RFC 5246 8.1) + * - key derivation wants server+client (RFC 5246 6.3) */ + { + unsigned char tmp[64]; + memcpy( tmp, ssl->handshake->randbytes, 64 ); + memcpy( ssl->handshake->randbytes, tmp + 32, 32 ); + memcpy( ssl->handshake->randbytes + 32, tmp, 32 ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + } + + /* Populate transform structure */ + ret = ssl_tls12_populate_transform( ssl->transform_negotiate, + ssl->session_negotiate->ciphersuite, + ssl->session_negotiate->master, +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + ssl->session_negotiate->encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + ssl->handshake->tls_prf, + ssl->handshake->randbytes, + ssl->minor_ver, + ssl->conf->endpoint, + ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret ); + return( ret ); + } + + /* We no longer need Server/ClientHello.random values */ + mbedtls_platform_zeroize( ssl->handshake->randbytes, + sizeof( ssl->handshake->randbytes ) ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); + + return( 0 ); +} #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 8392e0dae4afbc45455d1f17d0ed5574e9eb658e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:10:24 +0800 Subject: [PATCH 28/48] move calc_verify_tls_sha256 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 99 ++++++++++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 49 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c4d72a444e..b80aa5c0e6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,55 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA256_C) -void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t hash_size; - psa_status_t status; - psa_hash_operation_t sha256_psa = psa_hash_operation_init(); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); - return; - } - - status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); - return; - } - - *hlen = 32; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); -#else - mbedtls_sha256_context sha256; - - mbedtls_sha256_init( &sha256 ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); - - mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish( &sha256, hash ); - - *hlen = 32; - - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); - - mbedtls_sha256_free( &sha256 ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - return; -} -#endif /* MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_SHA384_C) void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char *hash, @@ -7965,6 +7916,56 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( 0 ); } + +#if defined(MBEDTLS_SHA256_C) +void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_status_t status; + psa_hash_operation_t sha256_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + + *hlen = 32; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); +#else + mbedtls_sha256_context sha256; + + mbedtls_sha256_init( &sha256 ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); + + mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + mbedtls_sha256_finish( &sha256, hash ); + + *hlen = 32; + + MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + + mbedtls_sha256_free( &sha256 ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + return; +} +#endif /* MBEDTLS_SHA256_C */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From c1cb384708f05d718a0a500cf96a7bf6bfebc0c1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:13:48 +0800 Subject: [PATCH 29/48] move calc_verify_tls_sha384 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 98 +++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b80aa5c0e6..ce111f9e02 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,55 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA384_C) -void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t hash_size; - psa_status_t status; - psa_hash_operation_t sha384_psa = psa_hash_operation_init(); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); - return; - } - - status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); - return; - } - - *hlen = 48; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); -#else - mbedtls_sha512_context sha512; - - mbedtls_sha512_init( &sha512 ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); - - mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish( &sha512, hash ); - - *hlen = 48; - - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); - - mbedtls_sha512_free( &sha512 ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - return; -} -#endif /* MBEDTLS_SHA384_C */ - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) { @@ -7966,6 +7917,55 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) +void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_status_t status; + psa_hash_operation_t sha384_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + + *hlen = 48; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); +#else + mbedtls_sha512_context sha512; + + mbedtls_sha512_init( &sha512 ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); + + mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + mbedtls_sha512_finish( &sha512, hash ); + + *hlen = 48; + + MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + + mbedtls_sha512_free( &sha512 ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + return; +} +#endif /* MBEDTLS_SHA384_C */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From ce3dca4175cda94a0ea21742825a3c285f797a8e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:16:37 +0800 Subject: [PATCH 30/48] move psk_derive_premaster Signed-off-by: Jerry Yu --- library/ssl_tls.c | 251 +++++++++++++++++++++++----------------------- 1 file changed, 125 insertions(+), 126 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ce111f9e02..9af6ced18a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,132 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) -{ - unsigned char *p = ssl->handshake->premaster; - unsigned char *end = p + sizeof( ssl->handshake->premaster ); - const unsigned char *psk = NULL; - size_t psk_len = 0; - - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) - { - /* - * This should never happen because the existence of a PSK is always - * checked before calling this function - */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - /* - * PMS = struct { - * opaque other_secret<0..2^16-1>; - * opaque psk<0..2^16-1>; - * }; - * with "other_secret" depending on the particular key exchange - */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) - { - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); - p += 2; - - if( end < p || (size_t)( end - p ) < psk_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - memset( p, 0, psk_len ); - p += psk_len; - } - else -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { - /* - * other_secret already set by the ClientKeyExchange message, - * and is 48 bytes long - */ - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - *p++ = 0; - *p++ = 48; - p += 48; - } - else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Write length only when we know the actual value */ - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - p + 2, end - ( p + 2 ), &len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( ret ); - } - MBEDTLS_PUT_UINT16_BE( len, p, 0 ); - p += 2 + len; - - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t zlen; - - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, - p + 2, end - ( p + 2 ), - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( ret ); - } - - MBEDTLS_PUT_UINT16_BE( zlen, p, 0 ); - p += 2 + zlen; - - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - /* opaque psk<0..2^16-1>; */ - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); - p += 2; - - if( end < p || (size_t)( end - p ) < psk_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - memcpy( p, psk, psk_len ); - p += psk_len; - - ssl->handshake->pmslen = p - ssl->handshake->premaster; - - return( 0 ); -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); @@ -7966,6 +7840,131 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) +{ + unsigned char *p = ssl->handshake->premaster; + unsigned char *end = p + sizeof( ssl->handshake->premaster ); + const unsigned char *psk = NULL; + size_t psk_len = 0; + + if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + { + /* + * This should never happen because the existence of a PSK is always + * checked before calling this function + */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* + * PMS = struct { + * opaque other_secret<0..2^16-1>; + * opaque psk<0..2^16-1>; + * }; + * with "other_secret" depending on the particular key exchange + */ +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) + if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) + { + if( end - p < 2 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + p += 2; + + if( end < p || (size_t)( end - p ) < psk_len ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + memset( p, 0, psk_len ); + p += psk_len; + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) + if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) + { + /* + * other_secret already set by the ClientKeyExchange message, + * and is 48 bytes long + */ + if( end - p < 2 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + *p++ = 0; + *p++ = 48; + p += 48; + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) + if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) + { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; + + /* Write length only when we know the actual value */ + if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, + p + 2, end - ( p + 2 ), &len, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); + return( ret ); + } + MBEDTLS_PUT_UINT16_BE( len, p, 0 ); + p += 2 + len; + + MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) + if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) + { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t zlen; + + if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, + p + 2, end - ( p + 2 ), + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + return( ret ); + } + + MBEDTLS_PUT_UINT16_BE( zlen, p, 0 ); + p += 2 + zlen; + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z ); + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* opaque psk<0..2^16-1>; */ + if( end - p < 2 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 ); + p += 2; + + if( end < p || (size_t)( end - p ) < psk_len ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + memcpy( p, psk, psk_len ); + p += psk_len; + + ssl->handshake->pmslen = p - ssl->handshake->premaster; + + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From c2c673da590d9a2066fe999f49cc754c0dc067f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:20:39 +0800 Subject: [PATCH 31/48] move resend_hello_request Signed-off-by: Jerry Yu --- library/ssl_tls.c | 62 +++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9af6ced18a..3f57ef1fe1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,37 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) -static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) -{ - /* If renegotiation is not enforced, retransmit until we would reach max - * timeout if we were using the usual handshake doubling scheme */ - if( ssl->conf->renego_max_records < 0 ) - { - uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; - unsigned char doublings = 1; - - while( ratio != 0 ) - { - ++doublings; - ratio >>= 1; - } - - if( ++ssl->renego_records_seen > doublings ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); - return( 0 ); - } - } - - return( ssl_write_hello_request( ssl ) ); -} -#endif -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ - /* * Handshake functions */ @@ -7965,6 +7934,37 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) +static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) +int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) +{ + /* If renegotiation is not enforced, retransmit until we would reach max + * timeout if we were using the usual handshake doubling scheme */ + if( ssl->conf->renego_max_records < 0 ) + { + uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; + unsigned char doublings = 1; + + while( ratio != 0 ) + { + ++doublings; + ratio >>= 1; + } + + if( ++ssl->renego_records_seen > doublings ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); + return( 0 ); + } + } + + return( ssl_write_hello_request( ssl ) ); +} +#endif +#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From d952669ad8afe79661c841330642d2e9adcbe733 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:23:47 +0800 Subject: [PATCH 32/48] move write_certificate Signed-off-by: Jerry Yu --- library/ssl_tls.c | 1578 +++++++++++++++++++++++---------------------- 1 file changed, 790 insertions(+), 788 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3f57ef1fe1..65e43a1677 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,794 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Handshake functions - */ -#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* No certificate support -> dummy functions */ -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); - - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); - ssl->state++; - return( 0 ); - } - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -} - -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); - - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); - ssl->state++; - return( 0 ); - } - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -} - -#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Some certificate support -> implement write and parse */ - -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t i, n; - const mbedtls_x509_crt *crt; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); - - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); - ssl->state++; - return( 0 ); - } - -#if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - if( ssl->handshake->client_auth == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); - ssl->state++; - return( 0 ); - } - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( mbedtls_ssl_own_cert( ssl ) == NULL ) - { - /* Should never happen because we shouldn't have picked the - * ciphersuite if we don't have a certificate. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - } -#endif - - MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 6 length of all certs - * 7 . 9 length of cert. 1 - * 10 . n-1 peer certificate - * n . n+2 length of cert. 2 - * n+3 . ... upper level cert, etc. - */ - i = 7; - crt = mbedtls_ssl_own_cert( ssl ); - - while( crt != NULL ) - { - n = crt->raw.len; - if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - ssl->out_msg[i ] = MBEDTLS_BYTE_2( n ); - ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n ); - ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n ); - - i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); - i += n; crt = crt->next; - } - - ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 ); - ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 ); - ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 ); - - ssl->out_msglen = i; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; - - ssl->state++; - - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); - - return( ret ); -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len ) -{ - mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; - - if( peer_crt == NULL ) - return( -1 ); - - if( peer_crt->raw.len != crt_buf_len ) - return( -1 ); - - return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); -} -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char const * const peer_cert_digest = - ssl->session->peer_cert_digest; - mbedtls_md_type_t const peer_cert_digest_type = - ssl->session->peer_cert_digest_type; - mbedtls_md_info_t const * const digest_info = - mbedtls_md_info_from_type( peer_cert_digest_type ); - unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; - size_t digest_len; - - if( peer_cert_digest == NULL || digest_info == NULL ) - return( -1 ); - - digest_len = mbedtls_md_get_size( digest_info ); - if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN ) - return( -1 ); - - ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest ); - if( ret != 0 ) - return( -1 ); - - return( memcmp( tmp_digest, peer_cert_digest, digest_len ) ); -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ - -/* - * Once the certificate message is read, parse it into a cert chain and - * perform basic checks, but leave actual verification to the caller - */ -static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *chain ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - int crt_cnt=0; -#endif - size_t i, n; - uint8_t alert; - - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - } - - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - } - - if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - i = mbedtls_ssl_hs_hdr_len( ssl ); - - /* - * Same message structure as in mbedtls_ssl_write_certificate() - */ - n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; - - if( ssl->in_msg[i] != 0 || - ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ - i += 3; - - /* Iterate through and parse the CRTs in the provided chain. */ - while( i < ssl->in_hslen ) - { - /* Check that there's room for the next CRT's length fields. */ - if ( i + 3 > ssl->in_hslen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - /* In theory, the CRT can be up to 2**24 Bytes, but we don't support - * anything beyond 2**16 ~ 64K. */ - if( ssl->in_msg[i] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT ); - return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); - } - - /* Read length of the next CRT in the chain. */ - n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) - | (unsigned int) ssl->in_msg[i + 2]; - i += 3; - - if( n < 128 || i + n > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* Check if we're handling the first CRT in the chain. */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - if( crt_cnt++ == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - /* During client-side renegotiation, check that the server's - * end-CRTs hasn't changed compared to the initial handshake, - * mitigating the triple handshake attack. On success, reuse - * the original end-CRT instead of parsing it again. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) ); - if( ssl_check_peer_crt_unchanged( ssl, - &ssl->in_msg[i], - n ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); - return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); - } - - /* Now we can safely free the original chain. */ - ssl_clear_peer_cert( ssl->session ); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ - - /* Parse the next certificate in the chain. */ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n ); -#else - /* If we don't need to store the CRT chain permanently, parse - * it in-place from the input buffer instead of making a copy. */ - ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n ); -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - switch( ret ) - { - case 0: /*ok*/ - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: - /* Ignore certificate with an unknown algorithm: maybe a - prior certificate was already trusted. */ - break; - - case MBEDTLS_ERR_X509_ALLOC_FAILED: - alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; - goto crt_parse_der_failed; - - case MBEDTLS_ERR_X509_UNKNOWN_VERSION: - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - goto crt_parse_der_failed; - - default: - alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - crt_parse_der_failed: - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); - MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); - return( ret ); - } - - i += n; - } - - MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain ); - return( 0 ); -} - -#if defined(MBEDTLS_SSL_SRV_C) -static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) -{ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - return( -1 ); - - if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && - ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && - memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); - return( 0 ); - } - return( -1 ); -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/* Check if a certificate message is expected. - * Return either - * - SSL_CERTIFICATE_EXPECTED, or - * - SSL_CERTIFICATE_SKIP - * indicating whether a Certificate message is expected or not. - */ -#define SSL_CERTIFICATE_EXPECTED 0 -#define SSL_CERTIFICATE_SKIP 1 -static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, - int authmode ) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - return( SSL_CERTIFICATE_SKIP ); - -#if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - return( SSL_CERTIFICATE_SKIP ); - - if( authmode == MBEDTLS_SSL_VERIFY_NONE ) - { - ssl->session_negotiate->verify_result = - MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return( SSL_CERTIFICATE_SKIP ); - } - } -#else - ((void) authmode); -#endif /* MBEDTLS_SSL_SRV_C */ - - return( SSL_CERTIFICATE_EXPECTED ); -} - -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - void *rs_ctx ) -{ - int ret = 0; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - int have_ca_chain = 0; - - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); - void *p_vrfy; - - if( authmode == MBEDTLS_SSL_VERIFY_NONE ) - return( 0 ); - - if( ssl->f_vrfy != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) ); - f_vrfy = ssl->f_vrfy; - p_vrfy = ssl->p_vrfy; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) ); - f_vrfy = ssl->conf->f_vrfy; - p_vrfy = ssl->conf->p_vrfy; - } - - /* - * Main check: verify certificate - */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( ssl->conf->f_ca_cb != NULL ) - { - ((void) rs_ctx); - have_ca_chain = 1; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) ); - ret = mbedtls_x509_crt_verify_with_ca_cb( - chain, - ssl->conf->f_ca_cb, - ssl->conf->p_ca_cb, - ssl->conf->cert_profile, - ssl->hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy ); - } - else -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - { - mbedtls_x509_crt *ca_chain; - mbedtls_x509_crl *ca_crl; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_ca_chain != NULL ) - { - ca_chain = ssl->handshake->sni_ca_chain; - ca_crl = ssl->handshake->sni_ca_crl; - } - else -#endif - { - ca_chain = ssl->conf->ca_chain; - ca_crl = ssl->conf->ca_crl; - } - - if( ca_chain != NULL ) - have_ca_chain = 1; - - ret = mbedtls_x509_crt_verify_restartable( - chain, - ca_chain, ca_crl, - ssl->conf->cert_profile, - ssl->hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy, rs_ctx ); - } - - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); -#endif - - /* - * Secondary checks: always done, but change 'ret' only if it was 0 - */ - -#if defined(MBEDTLS_ECP_C) - { - const mbedtls_pk_context *pk = &chain->pk; - - /* If certificate uses an EC key, make sure the curve is OK */ - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && - mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) - { - ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); - if( ret == 0 ) - ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - } -#endif /* MBEDTLS_ECP_C */ - - if( mbedtls_ssl_check_cert_usage( chain, - ciphersuite_info, - ! ssl->conf->endpoint, - &ssl->session_negotiate->verify_result ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); - if( ret == 0 ) - ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - /* mbedtls_x509_crt_verify_with_profile is supposed to report a - * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, - * with details encoded in the verification flags. All other kinds - * of error codes, including those from the user provided f_vrfy - * functions, are treated as fatal and lead to a failure of - * ssl_parse_certificate even if verification was optional. */ - if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && - ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) ) - { - ret = 0; - } - - if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); - ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; - } - - if( ret != 0 ) - { - uint8_t alert; - - /* The certificate may have been rejected for several reasons. - Pick one and send the corresponding alert. Which alert to send - may be a subject of debate in some cases. */ - if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) - alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) - alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) - alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) - alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) - alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; - else - alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - alert ); - } - -#if defined(MBEDTLS_DEBUG_C) - if( ssl->session_negotiate->verify_result != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", - (unsigned int) ssl->session_negotiate->verify_result ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); - } -#endif /* MBEDTLS_DEBUG_C */ - - return( ret ); -} - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, - unsigned char *start, size_t len ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* Remember digest of the peer's end-CRT. */ - ssl->session_negotiate->peer_cert_digest = - mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ); - if( ssl->session_negotiate->peer_cert_digest == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - } - - ret = mbedtls_md( mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ), - start, len, - ssl->session_negotiate->peer_cert_digest ); - - ssl->session_negotiate->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - ssl->session_negotiate->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; - - return( ret ); -} - -static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, - unsigned char *start, size_t len ) -{ - unsigned char *end = start + len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Make a copy of the peer's raw public key. */ - mbedtls_pk_init( &ssl->handshake->peer_pubkey ); - ret = mbedtls_pk_parse_subpubkey( &start, end, - &ssl->handshake->peer_pubkey ); - if( ret != 0 ) - { - /* We should have parsed the public key before. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - return( 0 ); -} -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - int crt_expected; -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; -#else - const int authmode = ssl->conf->authmode; -#endif - void *rs_ctx = NULL; - mbedtls_x509_crt *chain = NULL; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); - - crt_expected = ssl_parse_certificate_coordinate( ssl, authmode ); - if( crt_expected == SSL_CERTIFICATE_SKIP ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); - goto exit; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_verify ) - { - chain = ssl->handshake->ecrs_peer_cert; - ssl->handshake->ecrs_peer_cert = NULL; - goto crt_verify; - } -#endif - - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - /* mbedtls_ssl_read_record may have sent an alert already. We - let it decide whether to alert. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - goto exit; - } - -#if defined(MBEDTLS_SSL_SRV_C) - if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 ) - { - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - - if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL ) - ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - - goto exit; - } -#endif /* MBEDTLS_SSL_SRV_C */ - - /* Clear existing peer CRT structure in case we tried to - * reuse a session but it failed, and allocate a new one. */ - ssl_clear_peer_cert( ssl->session_negotiate ); - - chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - if( chain == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", - sizeof( mbedtls_x509_crt ) ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_x509_crt_init( chain ); - - ret = ssl_parse_certificate_chain( ssl, chain ); - if( ret != 0 ) - goto exit; - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled) - ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; - -crt_verify: - if( ssl->handshake->ecrs_enabled) - rs_ctx = &ssl->handshake->ecrs_ctx; -#endif - - ret = ssl_parse_certificate_verify( ssl, authmode, - chain, rs_ctx ); - if( ret != 0 ) - goto exit; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - { - unsigned char *crt_start, *pk_start; - size_t crt_len, pk_len; - - /* We parse the CRT chain without copying, so - * these pointers point into the input buffer, - * and are hence still valid after freeing the - * CRT chain. */ - - crt_start = chain->raw.p; - crt_len = chain->raw.len; - - pk_start = chain->pk_raw.p; - pk_len = chain->pk_raw.len; - - /* Free the CRT structures before computing - * digest and copying the peer's public key. */ - mbedtls_x509_crt_free( chain ); - mbedtls_free( chain ); - chain = NULL; - - ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len ); - if( ret != 0 ) - goto exit; - - ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len ); - if( ret != 0 ) - goto exit; - } -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Pass ownership to session structure. */ - ssl->session_negotiate->peer_cert = chain; - chain = NULL; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); - -exit: - - if( ret == 0 ) - ssl->state++; - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) - { - ssl->handshake->ecrs_peer_cert = chain; - chain = NULL; - } -#endif - - if( chain != NULL ) - { - mbedtls_x509_crt_free( chain ); - mbedtls_free( chain ); - } - - return( ret ); -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) @@ -7965,6 +7177,796 @@ int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) } #endif #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ + + +/* + * Handshake functions + */ +#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* No certificate support -> dummy functions */ +int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + + if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + ssl->state++; + return( 0 ); + } + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + + if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; + return( 0 ); + } + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* Some certificate support -> implement write and parse */ + +int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + size_t i, n; + const mbedtls_x509_crt *crt; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + + if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + ssl->state++; + return( 0 ); + } + +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + if( ssl->handshake->client_auth == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + ssl->state++; + return( 0 ); + } + } +#endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_SRV_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + { + if( mbedtls_ssl_own_cert( ssl ) == NULL ) + { + /* Should never happen because we shouldn't have picked the + * ciphersuite if we don't have a certificate. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + } +#endif + + MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 6 length of all certs + * 7 . 9 length of cert. 1 + * 10 . n-1 peer certificate + * n . n+2 length of cert. 2 + * n+3 . ... upper level cert, etc. + */ + i = 7; + crt = mbedtls_ssl_own_cert( ssl ); + + while( crt != NULL ) + { + n = crt->raw.len; + if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + ssl->out_msg[i ] = MBEDTLS_BYTE_2( n ); + ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n ); + ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n ); + + i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); + i += n; crt = crt->next; + } + + ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 ); + ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 ); + ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 ); + + ssl->out_msglen = i; + ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; + + ssl->state++; + + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); + + return( ret ); +} + +#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) + +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, + unsigned char *crt_buf, + size_t crt_buf_len ) +{ + mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; + + if( peer_crt == NULL ) + return( -1 ); + + if( peer_crt->raw.len != crt_buf_len ) + return( -1 ); + + return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); +} +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, + unsigned char *crt_buf, + size_t crt_buf_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char const * const peer_cert_digest = + ssl->session->peer_cert_digest; + mbedtls_md_type_t const peer_cert_digest_type = + ssl->session->peer_cert_digest_type; + mbedtls_md_info_t const * const digest_info = + mbedtls_md_info_from_type( peer_cert_digest_type ); + unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; + size_t digest_len; + + if( peer_cert_digest == NULL || digest_info == NULL ) + return( -1 ); + + digest_len = mbedtls_md_get_size( digest_info ); + if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN ) + return( -1 ); + + ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest ); + if( ret != 0 ) + return( -1 ); + + return( memcmp( tmp_digest, peer_cert_digest, digest_len ) ); +} +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ + +/* + * Once the certificate message is read, parse it into a cert chain and + * perform basic checks, but leave actual verification to the caller + */ +static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, + mbedtls_x509_crt *chain ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) + int crt_cnt=0; +#endif + size_t i, n; + uint8_t alert; + + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + i = mbedtls_ssl_hs_hdr_len( ssl ); + + /* + * Same message structure as in mbedtls_ssl_write_certificate() + */ + n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; + + if( ssl->in_msg[i] != 0 || + ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ + i += 3; + + /* Iterate through and parse the CRTs in the provided chain. */ + while( i < ssl->in_hslen ) + { + /* Check that there's room for the next CRT's length fields. */ + if ( i + 3 > ssl->in_hslen ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + /* In theory, the CRT can be up to 2**24 Bytes, but we don't support + * anything beyond 2**16 ~ 64K. */ + if( ssl->in_msg[i] != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT ); + return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); + } + + /* Read length of the next CRT in the chain. */ + n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) + | (unsigned int) ssl->in_msg[i + 2]; + i += 3; + + if( n < 128 || i + n > ssl->in_hslen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* Check if we're handling the first CRT in the chain. */ +#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) + if( crt_cnt++ == 0 && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) + { + /* During client-side renegotiation, check that the server's + * end-CRTs hasn't changed compared to the initial handshake, + * mitigating the triple handshake attack. On success, reuse + * the original end-CRT instead of parsing it again. */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) ); + if( ssl_check_peer_crt_unchanged( ssl, + &ssl->in_msg[i], + n ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); + mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); + return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); + } + + /* Now we can safely free the original chain. */ + ssl_clear_peer_cert( ssl->session ); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ + + /* Parse the next certificate in the chain. */ +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n ); +#else + /* If we don't need to store the CRT chain permanently, parse + * it in-place from the input buffer instead of making a copy. */ + ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n ); +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + switch( ret ) + { + case 0: /*ok*/ + case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + /* Ignore certificate with an unknown algorithm: maybe a + prior certificate was already trusted. */ + break; + + case MBEDTLS_ERR_X509_ALLOC_FAILED: + alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; + goto crt_parse_der_failed; + + case MBEDTLS_ERR_X509_UNKNOWN_VERSION: + alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; + goto crt_parse_der_failed; + + default: + alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; + crt_parse_der_failed: + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); + MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); + return( ret ); + } + + i += n; + } + + MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain ); + return( 0 ); +} + +#if defined(MBEDTLS_SSL_SRV_C) +static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) +{ + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + return( -1 ); + + if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && + ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && + memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); + return( 0 ); + } + return( -1 ); +} +#endif /* MBEDTLS_SSL_SRV_C */ + +/* Check if a certificate message is expected. + * Return either + * - SSL_CERTIFICATE_EXPECTED, or + * - SSL_CERTIFICATE_SKIP + * indicating whether a Certificate message is expected or not. + */ +#define SSL_CERTIFICATE_EXPECTED 0 +#define SSL_CERTIFICATE_SKIP 1 +static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, + int authmode ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; + + if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) + return( SSL_CERTIFICATE_SKIP ); + +#if defined(MBEDTLS_SSL_SRV_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + { + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) + return( SSL_CERTIFICATE_SKIP ); + + if( authmode == MBEDTLS_SSL_VERIFY_NONE ) + { + ssl->session_negotiate->verify_result = + MBEDTLS_X509_BADCERT_SKIP_VERIFY; + return( SSL_CERTIFICATE_SKIP ); + } + } +#else + ((void) authmode); +#endif /* MBEDTLS_SSL_SRV_C */ + + return( SSL_CERTIFICATE_EXPECTED ); +} + +static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx ) +{ + int ret = 0; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; + int have_ca_chain = 0; + + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); + void *p_vrfy; + + if( authmode == MBEDTLS_SSL_VERIFY_NONE ) + return( 0 ); + + if( ssl->f_vrfy != NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) ); + f_vrfy = ssl->f_vrfy; + p_vrfy = ssl->p_vrfy; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) ); + f_vrfy = ssl->conf->f_vrfy; + p_vrfy = ssl->conf->p_vrfy; + } + + /* + * Main check: verify certificate + */ +#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) + if( ssl->conf->f_ca_cb != NULL ) + { + ((void) rs_ctx); + have_ca_chain = 1; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) ); + ret = mbedtls_x509_crt_verify_with_ca_cb( + chain, + ssl->conf->f_ca_cb, + ssl->conf->p_ca_cb, + ssl->conf->cert_profile, + ssl->hostname, + &ssl->session_negotiate->verify_result, + f_vrfy, p_vrfy ); + } + else +#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + { + mbedtls_x509_crt *ca_chain; + mbedtls_x509_crl *ca_crl; + +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + if( ssl->handshake->sni_ca_chain != NULL ) + { + ca_chain = ssl->handshake->sni_ca_chain; + ca_crl = ssl->handshake->sni_ca_crl; + } + else +#endif + { + ca_chain = ssl->conf->ca_chain; + ca_crl = ssl->conf->ca_crl; + } + + if( ca_chain != NULL ) + have_ca_chain = 1; + + ret = mbedtls_x509_crt_verify_restartable( + chain, + ca_chain, ca_crl, + ssl->conf->cert_profile, + ssl->hostname, + &ssl->session_negotiate->verify_result, + f_vrfy, p_vrfy, rs_ctx ); + } + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); + } + +#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); +#endif + + /* + * Secondary checks: always done, but change 'ret' only if it was 0 + */ + +#if defined(MBEDTLS_ECP_C) + { + const mbedtls_pk_context *pk = &chain->pk; + + /* If certificate uses an EC key, make sure the curve is OK */ + if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && + mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) + { + ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); + if( ret == 0 ) + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + } +#endif /* MBEDTLS_ECP_C */ + + if( mbedtls_ssl_check_cert_usage( chain, + ciphersuite_info, + ! ssl->conf->endpoint, + &ssl->session_negotiate->verify_result ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); + if( ret == 0 ) + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + + /* mbedtls_x509_crt_verify_with_profile is supposed to report a + * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, + * with details encoded in the verification flags. All other kinds + * of error codes, including those from the user provided f_vrfy + * functions, are treated as fatal and lead to a failure of + * ssl_parse_certificate even if verification was optional. */ + if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && + ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || + ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) ) + { + ret = 0; + } + + if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; + } + + if( ret != 0 ) + { + uint8_t alert; + + /* The certificate may have been rejected for several reasons. + Pick one and send the corresponding alert. Which alert to send + may be a subject of debate in some cases. */ + if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) + alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) + alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) + alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) + alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) + alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) + alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) + alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) + alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) + alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; + else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) + alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; + else + alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + alert ); + } + +#if defined(MBEDTLS_DEBUG_C) + if( ssl->session_negotiate->verify_result != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", + (unsigned int) ssl->session_negotiate->verify_result ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); + } +#endif /* MBEDTLS_DEBUG_C */ + + return( ret ); +} + +#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, + unsigned char *start, size_t len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* Remember digest of the peer's end-CRT. */ + ssl->session_negotiate->peer_cert_digest = + mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ); + if( ssl->session_negotiate->peer_cert_digest == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ); + mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + + ret = mbedtls_md( mbedtls_md_info_from_type( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ), + start, len, + ssl->session_negotiate->peer_cert_digest ); + + ssl->session_negotiate->peer_cert_digest_type = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; + ssl->session_negotiate->peer_cert_digest_len = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; + + return( ret ); +} + +static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, + unsigned char *start, size_t len ) +{ + unsigned char *end = start + len; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* Make a copy of the peer's raw public key. */ + mbedtls_pk_init( &ssl->handshake->peer_pubkey ); + ret = mbedtls_pk_parse_subpubkey( &start, end, + &ssl->handshake->peer_pubkey ); + if( ret != 0 ) + { + /* We should have parsed the public key before. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + return( 0 ); +} +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + +int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + int crt_expected; +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET + ? ssl->handshake->sni_authmode + : ssl->conf->authmode; +#else + const int authmode = ssl->conf->authmode; +#endif + void *rs_ctx = NULL; + mbedtls_x509_crt *chain = NULL; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + + crt_expected = ssl_parse_certificate_coordinate( ssl, authmode ); + if( crt_expected == SSL_CERTIFICATE_SKIP ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + goto exit; + } + +#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) + if( ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_verify ) + { + chain = ssl->handshake->ecrs_peer_cert; + ssl->handshake->ecrs_peer_cert = NULL; + goto crt_verify; + } +#endif + + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) + { + /* mbedtls_ssl_read_record may have sent an alert already. We + let it decide whether to alert. */ + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + goto exit; + } + +#if defined(MBEDTLS_SSL_SRV_C) + if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 ) + { + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; + + if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL ) + ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; + + goto exit; + } +#endif /* MBEDTLS_SSL_SRV_C */ + + /* Clear existing peer CRT structure in case we tried to + * reuse a session but it failed, and allocate a new one. */ + ssl_clear_peer_cert( ssl->session_negotiate ); + + chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + if( chain == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", + sizeof( mbedtls_x509_crt ) ) ); + mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_x509_crt_init( chain ); + + ret = ssl_parse_certificate_chain( ssl, chain ); + if( ret != 0 ) + goto exit; + +#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) + if( ssl->handshake->ecrs_enabled) + ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; + +crt_verify: + if( ssl->handshake->ecrs_enabled) + rs_ctx = &ssl->handshake->ecrs_ctx; +#endif + + ret = ssl_parse_certificate_verify( ssl, authmode, + chain, rs_ctx ); + if( ret != 0 ) + goto exit; + +#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + { + unsigned char *crt_start, *pk_start; + size_t crt_len, pk_len; + + /* We parse the CRT chain without copying, so + * these pointers point into the input buffer, + * and are hence still valid after freeing the + * CRT chain. */ + + crt_start = chain->raw.p; + crt_len = chain->raw.len; + + pk_start = chain->pk_raw.p; + pk_len = chain->pk_raw.len; + + /* Free the CRT structures before computing + * digest and copying the peer's public key. */ + mbedtls_x509_crt_free( chain ); + mbedtls_free( chain ); + chain = NULL; + + ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len ); + if( ret != 0 ) + goto exit; + + ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len ); + if( ret != 0 ) + goto exit; + } +#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* Pass ownership to session structure. */ + ssl->session_negotiate->peer_cert = chain; + chain = NULL; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); + +exit: + + if( ret == 0 ) + ssl->state++; + +#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) + if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) + { + ssl->handshake->ecrs_peer_cert = chain; + chain = NULL; + } +#endif + + if( chain != NULL ) + { + mbedtls_x509_crt_free( chain ); + mbedtls_free( chain ); + } + + return( ret ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 615bd6f5b9cf4b4b6e56a52351d0b7abfd2725c5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:25:15 +0800 Subject: [PATCH 33/48] move calc_finished_tls_sha256 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 153 +++++++++++++++++++++++----------------------- 1 file changed, 77 insertions(+), 76 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 65e43a1677..e9a4d1b34b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,82 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA256_C) -static void ssl_calc_finished_tls_sha256( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) -{ - int len = 12; - const char *sender; - unsigned char padbuf[32]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t hash_size; - psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; - psa_status_t status; -#else - mbedtls_sha256_context sha256; -#endif - - mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) - session = ssl->session; - - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) - ? "client finished" - : "server finished"; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - sha256_psa = psa_hash_operation_init(); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) ); - - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); - return; - } - - status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); - return; - } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 ); -#else - - mbedtls_sha256_init( &sha256 ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); - - mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - - /* - * TLSv1.2: - * hash = PRF( master, finished_label, - * Hash( handshake ) )[0.11] - */ - -#if !defined(MBEDTLS_SHA256_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) - sha256.state, sizeof( sha256.state ) ); -#endif - - mbedtls_sha256_finish( &sha256, padbuf ); - mbedtls_sha256_free( &sha256 ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 32, buf, len ); - - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); -} -#endif /* MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_SHA384_C) static void ssl_calc_finished_tls_sha384( @@ -7967,6 +7891,83 @@ exit: } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SHA256_C) +static void ssl_calc_finished_tls_sha256( + mbedtls_ssl_context *ssl, unsigned char *buf, int from ) +{ + int len = 12; + const char *sender; + unsigned char padbuf[32]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; + psa_status_t status; +#else + mbedtls_sha256_context sha256; +#endif + + mbedtls_ssl_session *session = ssl->session_negotiate; + if( !session ) + session = ssl->session; + + sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + ? "client finished" + : "server finished"; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + sha256_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) ); + + status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 ); +#else + + mbedtls_sha256_init( &sha256 ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); + + mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + + /* + * TLSv1.2: + * hash = PRF( master, finished_label, + * Hash( handshake ) )[0.11] + */ + +#if !defined(MBEDTLS_SHA256_ALT) + MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) + sha256.state, sizeof( sha256.state ) ); +#endif + + mbedtls_sha256_finish( &sha256, padbuf ); + mbedtls_sha256_free( &sha256 ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + ssl->handshake->tls_prf( session->master, 48, sender, + padbuf, 32, buf, len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); +} +#endif /* MBEDTLS_SHA256_C */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From b7ba49ef74f95b635ec8bd4980bdc5cf9a55e17d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:25:53 +0800 Subject: [PATCH 34/48] move calc_finished_tls_sha384 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 153 +++++++++++++++++++++++----------------------- 1 file changed, 77 insertions(+), 76 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e9a4d1b34b..5d79bc3e36 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,82 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA384_C) - -static void ssl_calc_finished_tls_sha384( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) -{ - int len = 12; - const char *sender; - unsigned char padbuf[48]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t hash_size; - psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT; - psa_status_t status; -#else - mbedtls_sha512_context sha512; -#endif - - mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) - session = ssl->session; - - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) - ? "client finished" - : "server finished"; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - sha384_psa = psa_hash_operation_init(); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) ); - - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); - return; - } - - status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); - return; - } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 ); -#else - mbedtls_sha512_init( &sha512 ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); - - mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - - /* - * TLSv1.2: - * hash = PRF( master, finished_label, - * Hash( handshake ) )[0.11] - */ - -#if !defined(MBEDTLS_SHA512_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) - sha512.state, sizeof( sha512.state ) ); -#endif - mbedtls_sha512_finish( &sha512, padbuf ); - - mbedtls_sha512_free( &sha512 ); -#endif - - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 48, buf, len ); - - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); -} -#endif /* MBEDTLS_SHA384_C */ - void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); @@ -7968,6 +7892,83 @@ static void ssl_calc_finished_tls_sha256( } #endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + +static void ssl_calc_finished_tls_sha384( + mbedtls_ssl_context *ssl, unsigned char *buf, int from ) +{ + int len = 12; + const char *sender; + unsigned char padbuf[48]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT; + psa_status_t status; +#else + mbedtls_sha512_context sha512; +#endif + + mbedtls_ssl_session *session = ssl->session_negotiate; + if( !session ) + session = ssl->session; + + sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + ? "client finished" + : "server finished"; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + sha384_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) ); + + status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 ); +#else + mbedtls_sha512_init( &sha512 ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); + + mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + + /* + * TLSv1.2: + * hash = PRF( master, finished_label, + * Hash( handshake ) )[0.11] + */ + +#if !defined(MBEDTLS_SHA512_ALT) + MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) + sha512.state, sizeof( sha512.state ) ); +#endif + mbedtls_sha512_finish( &sha512, padbuf ); + + mbedtls_sha512_free( &sha512 ); +#endif + + ssl->handshake->tls_prf( session->master, 48, sender, + padbuf, 48, buf, len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); +} +#endif /* MBEDTLS_SHA384_C */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From aef0015ba0adb86d359d725ed420fb45d350e6f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:27:31 +0800 Subject: [PATCH 35/48] move wrapup_free_hs_transform Signed-off-by: Jerry Yu --- library/ssl_tls.c | 50 +++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5d79bc3e36..f7c720b2d9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,31 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) -{ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); - - /* - * Free our handshake params - */ - mbedtls_ssl_handshake_free( ssl ); - mbedtls_free( ssl->handshake ); - ssl->handshake = NULL; - - /* - * Free the previous transform and swith in the current one - */ - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); - } - ssl->transform = ssl->transform_negotiate; - ssl->transform_negotiate = NULL; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); -} - void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) { int resume = ssl->handshake->resume; @@ -7969,6 +7944,31 @@ static void ssl_calc_finished_tls_sha384( } #endif /* MBEDTLS_SHA384_C */ +void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); + + /* + * Free our handshake params + */ + mbedtls_ssl_handshake_free( ssl ); + mbedtls_free( ssl->handshake ); + ssl->handshake = NULL; + + /* + * Free the previous transform and swith in the current one + */ + if( ssl->transform ) + { + mbedtls_ssl_transform_free( ssl->transform ); + mbedtls_free( ssl->transform ); + } + ssl->transform = ssl->transform_negotiate; + ssl->transform_negotiate = NULL; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 2a9fff571d667c972cb2cbeab179136db55b00fc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:28:51 +0800 Subject: [PATCH 36/48] move wrapup Signed-off-by: Jerry Yu --- library/ssl_tls.c | 131 +++++++++++++++++++++++----------------------- 1 file changed, 66 insertions(+), 65 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7c720b2d9..12fa9e62fa 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,71 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) -{ - int resume = ssl->handshake->resume; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; - ssl->renego_records_seen = 0; - } -#endif - - /* - * Free the previous session and switch in the current one - */ - if( ssl->session ) - { -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - /* RFC 7366 3.1: keep the EtM state */ - ssl->session_negotiate->encrypt_then_mac = - ssl->session->encrypt_then_mac; -#endif - - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); - } - ssl->session = ssl->session_negotiate; - ssl->session_negotiate = NULL; - - /* - * Add cache entry - */ - if( ssl->conf->f_set_cache != NULL && - ssl->session->id_len != 0 && - resume == 0 ) - { - if( ssl->conf->f_set_cache( ssl->conf->p_cache, - ssl->session->id, - ssl->session->id_len, - ssl->session ) != 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->flight != NULL ) - { - /* Cancel handshake timer */ - mbedtls_ssl_set_timer( ssl, 0 ); - - /* Keep last flight around in case we need to resend it: - * we need the handshake and transform structures for that */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); - } - else -#endif - mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); - - ssl->state++; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); -} - int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) { int ret, hash_len; @@ -7969,6 +7904,72 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); } + +void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) +{ + int resume = ssl->handshake->resume; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); + +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) + { + ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; + ssl->renego_records_seen = 0; + } +#endif + + /* + * Free the previous session and switch in the current one + */ + if( ssl->session ) + { +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + /* RFC 7366 3.1: keep the EtM state */ + ssl->session_negotiate->encrypt_then_mac = + ssl->session->encrypt_then_mac; +#endif + + mbedtls_ssl_session_free( ssl->session ); + mbedtls_free( ssl->session ); + } + ssl->session = ssl->session_negotiate; + ssl->session_negotiate = NULL; + + /* + * Add cache entry + */ + if( ssl->conf->f_set_cache != NULL && + ssl->session->id_len != 0 && + resume == 0 ) + { + if( ssl->conf->f_set_cache( ssl->conf->p_cache, + ssl->session->id, + ssl->session->id_len, + ssl->session ) != 0 ) + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); + } + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->flight != NULL ) + { + /* Cancel handshake timer */ + mbedtls_ssl_set_timer( ssl, 0 ); + + /* Keep last flight around in case we need to resend it: + * we need the handshake and transform structures for that */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); + } + else +#endif + mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); + + ssl->state++; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 3c8e47bbbff6cd7a41e4e313b7d2736c377eb253 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:30:01 +0800 Subject: [PATCH 37/48] move write_finished Signed-off-by: Jerry Yu --- library/ssl_tls.c | 218 +++++++++++++++++++++++----------------------- 1 file changed, 109 insertions(+), 109 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 12fa9e62fa..3aa13bc37c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1009,115 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) -{ - int ret, hash_len; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); - - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate ); - - ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); - - /* - * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites - * may define some other value. Currently (early 2016), no defined - * ciphersuite does this (and this is unlikely to change as activity has - * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. - */ - hash_len = 12; - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->verify_data_len = hash_len; - memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); -#endif - - ssl->out_msglen = 4 + hash_len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; - - /* - * In case of session resuming, invert the client and server - * ChangeCipherSpec messages order. - */ - if( ssl->handshake->resume != 0 ) - { -#if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; -#endif -#if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; -#endif - } - else - ssl->state++; - - /* - * Switch to our negotiated transform and session parameters for outbound - * data. - */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - unsigned char i; - - /* Remember current epoch settings for resending */ - ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, - sizeof( ssl->handshake->alt_out_ctr ) ); - - /* Set sequence_number to zero */ - memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 ); - - - /* Increment epoch */ - for( i = 2; i > 0; i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) - break; - - /* The loop goes to its end iff the counter is wrapping */ - if( i == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); - } - } - else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); - - ssl->transform_out = ssl->transform_negotiate; - ssl->session_out = ssl->session_negotiate; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); -#endif - - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); - } -#endif - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); - - return( 0 ); -} - #define SSL_MAX_HASH_LEN 12 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) @@ -7970,6 +7861,115 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); } +int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) +{ + int ret, hash_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); + + mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate ); + + ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); + + /* + * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites + * may define some other value. Currently (early 2016), no defined + * ciphersuite does this (and this is unlikely to change as activity has + * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. + */ + hash_len = 12; + +#if defined(MBEDTLS_SSL_RENEGOTIATION) + ssl->verify_data_len = hash_len; + memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); +#endif + + ssl->out_msglen = 4 + hash_len; + ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; + + /* + * In case of session resuming, invert the client and server + * ChangeCipherSpec messages order. + */ + if( ssl->handshake->resume != 0 ) + { +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; +#endif +#if defined(MBEDTLS_SSL_SRV_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; +#endif + } + else + ssl->state++; + + /* + * Switch to our negotiated transform and session parameters for outbound + * data. + */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + unsigned char i; + + /* Remember current epoch settings for resending */ + ssl->handshake->alt_transform_out = ssl->transform_out; + memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, + sizeof( ssl->handshake->alt_out_ctr ) ); + + /* Set sequence_number to zero */ + memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 ); + + + /* Increment epoch */ + for( i = 2; i > 0; i-- ) + if( ++ssl->cur_out_ctr[i - 1] != 0 ) + break; + + /* The loop goes to its end iff the counter is wrapping */ + if( i == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); + return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + } + } + else +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + + ssl->transform_out = ssl->transform_negotiate; + ssl->session_out = ssl->session_negotiate; + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + mbedtls_ssl_send_flight_completed( ssl ); +#endif + + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); + return( ret ); + } + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); + + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 0b3d7c1ea1de36f6000cd6d272a453596c3c2eec Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:30:51 +0800 Subject: [PATCH 38/48] move parse_finished Signed-off-by: Jerry Yu --- library/ssl_tls.c | 174 ++++++++++++++++++++++------------------------ 1 file changed, 85 insertions(+), 89 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3aa13bc37c..bd0b6cafd0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1007,95 +1007,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, } #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#define SSL_MAX_HASH_LEN 12 - -int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int hash_len = 12; - unsigned char buf[SSL_MAX_HASH_LEN]; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); - - ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); - - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - goto exit; - } - - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto exit; - } - - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto exit; - } - - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - ret = MBEDTLS_ERR_SSL_DECODE_ERROR; - goto exit; - } - - if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), - buf, hash_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto exit; - } - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->verify_data_len = hash_len; - memcpy( ssl->peer_verify_data, buf, hash_len ); -#endif - - if( ssl->handshake->resume != 0 ) - { -#if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; -#endif -#if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; -#endif - } - else - ssl->state++; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); -#endif - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); - -exit: - mbedtls_platform_zeroize( buf, hash_len ); - return( ret ); -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) { memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); @@ -7970,6 +7881,91 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) return( 0 ); } +#define SSL_MAX_HASH_LEN 12 + +int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned int hash_len = 12; + unsigned char buf[SSL_MAX_HASH_LEN]; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); + + ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); + + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + goto exit; + } + + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + goto exit; + } + + if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + goto exit; + } + + if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + ret = MBEDTLS_ERR_SSL_DECODE_ERROR; + goto exit; + } + + if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), + buf, hash_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto exit; + } + +#if defined(MBEDTLS_SSL_RENEGOTIATION) + ssl->verify_data_len = hash_len; + memcpy( ssl->peer_verify_data, buf, hash_len ); +#endif + + if( ssl->handshake->resume != 0 ) + { +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; +#endif +#if defined(MBEDTLS_SSL_SRV_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; +#endif + } + else + ssl->state++; + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + mbedtls_ssl_recv_flight_completed( ssl ); +#endif + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); + +exit: + mbedtls_platform_zeroize( buf, hash_len ); + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 392112c058784386ea35005fdfb0aac160a560fa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:34:10 +0800 Subject: [PATCH 39/48] move tls12prf_from_cs Signed-off-by: Jerry Yu --- library/ssl_tls.c | 47 +++++++++++++++++++---------------------------- 1 file changed, 19 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bd0b6cafd0..f687bdf4ff 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4242,34 +4242,6 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); } -/* - * Helper to get TLS 1.2 PRF from ciphersuite - * (Duplicates bits of logic from ssl_set_handshake_prfs().) - */ -typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); -static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) -{ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA384_C) - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); - - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - return( tls_prf_sha384 ); -#else - (void) ciphersuite_id; -#endif - return( tls_prf_sha256 ); -#else /* MBEDTLS_SSL_PROTO_TLS1_2 */ - (void) ciphersuite_id; - return( NULL ); -#endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */ - -} - /* * Deserialize context, see mbedtls_ssl_context_save() for format. * @@ -7966,6 +7938,25 @@ exit: return( ret ); } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +/* + * Helper to get TLS 1.2 PRF from ciphersuite + * (Duplicates bits of logic from ssl_set_handshake_prfs().) + */ +static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) +{ +#if defined(MBEDTLS_SHA384_C) + const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + + if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) + return( tls_prf_sha384 ); +#else + (void) ciphersuite_id; +#endif + return( tls_prf_sha256 ); +} +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From e93ffcd2c7b901225777cf2dc42ce655445d6a3b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:37:06 +0800 Subject: [PATCH 40/48] move tls_prf_get_type Signed-off-by: Jerry Yu --- library/ssl_tls.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f687bdf4ff..1ff754db77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -433,27 +433,6 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) || \ defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) -{ - ((void) tls_prf); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA384_C) - if( tls_prf == tls_prf_sha384 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA384 ); - } - else -#endif -#if defined(MBEDTLS_SHA256_C) - if( tls_prf == tls_prf_sha256 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA256 ); - } - else -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - return( MBEDTLS_SSL_TLS_PRF_NONE ); -} /* Type for the TLS PRF */ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, @@ -7957,6 +7936,27 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) return( tls_prf_sha256 ); } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ + +static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) +{ + ((void) tls_prf); +#if defined(MBEDTLS_SHA384_C) + if( tls_prf == tls_prf_sha384 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA384 ); + } + else +#endif +#if defined(MBEDTLS_SHA256_C) + if( tls_prf == tls_prf_sha256 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA256 ); + } + else +#endif + return( MBEDTLS_SSL_TLS_PRF_NONE ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 9bccc4c63f4d416b8ec2a116d2e66e0243bdd218 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:38:28 +0800 Subject: [PATCH 41/48] move populate_transform Signed-off-by: Jerry Yu --- library/ssl_tls.c | 885 +++++++++++++++++++++++----------------------- 1 file changed, 438 insertions(+), 447 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1ff754db77..a1fda8cc21 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -431,453 +431,6 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) || \ - defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - -/* Type for the TLS PRF */ -typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, - const unsigned char *, size_t, - unsigned char *, size_t); - -/* - * Populate a transform structure with session keys and all the other - * necessary information. - * - * Parameters: - * - [in/out]: transform: structure to populate - * [in] must be just initialised with mbedtls_ssl_transform_init() - * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf() - * - [in] ciphersuite - * - [in] master - * - [in] encrypt_then_mac - * - [in] compression - * - [in] tls_prf: pointer to PRF to use for key derivation - * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random - * - [in] minor_ver: SSL/TLS minor version - * - [in] endpoint: client or server - * - [in] ssl: used for: - * - ssl->conf->{f,p}_export_keys - * [in] optionally used for: - * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg - */ -static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && - MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - int minor_ver, - unsigned endpoint, - const mbedtls_ssl_context *ssl ) -{ - int ret = 0; - unsigned char keyblk[256]; - unsigned char *key1; - unsigned char *key2; - unsigned char *mac_enc; - unsigned char *mac_dec; - size_t mac_key_len = 0; - size_t iv_copy_len; - size_t keylen; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - size_t key_bits; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - -#if !defined(MBEDTLS_DEBUG_C) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( ssl->f_export_keys == NULL ) - { - ssl = NULL; /* make sure we don't use it except for these cases */ - (void) ssl; - } -#endif - - /* - * Some data just needs copying into the structure - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - transform->encrypt_then_mac = encrypt_then_mac; -#endif - transform->minor_ver = minor_ver; - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { - /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform - * generation separate. This should never happen. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* - * Get various info structures - */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( ciphersuite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found", - ciphersuite ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - - cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); - if( cipher_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", - ciphersuite_info->cipher ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - - md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); - if( md_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", - (unsigned) ciphersuite_info->mac ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Copy own and peer's CID if the use of the CID - * extension has been negotiated. */ - if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); - - transform->in_cid_len = ssl->own_cid_len; - memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid, - transform->in_cid_len ); - - transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy( transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, - transform->out_cid_len ); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Compute key block using the PRF - */ - ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); - } - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", - mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); - - /* - * Determine the appropriate key, IV and MAC length. - */ - - keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8; - -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM || - mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM || - mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) - { - size_t explicit_ivlen; - - transform->maclen = 0; - mac_key_len = 0; - transform->taglen = - ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; - - /* All modes haves 96-bit IVs, but the length of the static parts vary - * with mode and version: - * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes - * (to be concatenated with a dynamically chosen IV of 8 Bytes) - * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's - * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record - * sequence number). - */ - transform->ivlen = 12; - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) - transform->fixed_ivlen = 12; - else - transform->fixed_ivlen = 4; - - /* Minimum length of encrypted record */ - explicit_ivlen = transform->ivlen - transform->fixed_ivlen; - transform->minlen = explicit_ivlen + transform->taglen; - } - else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM || - mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) - { - /* Initialize HMAC contexts */ - if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || - ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); - goto end; - } - - /* Get MAC length */ - mac_key_len = mbedtls_md_get_size( md_info ); - transform->maclen = mac_key_len; - - /* IV length */ - transform->ivlen = cipher_info->iv_size; - - /* Minimum length */ - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ) - transform->minlen = transform->maclen; - else - { - /* - * GenericBlockCipher: - * 1. if EtM is in use: one block plus MAC - * otherwise: * first multiple of blocklen greater than maclen - * 2. IV - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - { - transform->minlen = transform->maclen - + cipher_info->block_size; - } - else -#endif - { - transform->minlen = transform->maclen - + cipher_info->block_size - - transform->maclen % cipher_info->block_size; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - transform->minlen += transform->ivlen; - } - else -#endif - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - } - } - else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u", - (unsigned) keylen, - (unsigned) transform->minlen, - (unsigned) transform->ivlen, - (unsigned) transform->maclen ) ); - - /* - * Finally setup the cipher contexts, IVs and MAC secrets. - */ -#if defined(MBEDTLS_SSL_CLI_C) - if( endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - key1 = keyblk + mac_key_len * 2; - key2 = keyblk + mac_key_len * 2 + keylen; - - mac_enc = keyblk; - mac_dec = keyblk + mac_key_len; - - /* - * This is not used in TLS v1.1. - */ - iv_copy_len = ( transform->fixed_ivlen ) ? - transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_enc, key2 + keylen, iv_copy_len ); - memcpy( transform->iv_dec, key2 + keylen + iv_copy_len, - iv_copy_len ); - } - else -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { - key1 = keyblk + mac_key_len * 2 + keylen; - key2 = keyblk + mac_key_len * 2; - - mac_enc = keyblk + mac_key_len; - mac_dec = keyblk; - - /* - * This is not used in TLS v1.1. - */ - iv_copy_len = ( transform->fixed_ivlen ) ? - transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_dec, key1 + keylen, iv_copy_len ); - memcpy( transform->iv_enc, key1 + keylen + iv_copy_len, - iv_copy_len ); - } - else -#endif /* MBEDTLS_SSL_SRV_C */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* For HMAC-based ciphersuites, initialize the HMAC transforms. - For AEAD-based ciphersuites, there is nothing to do here. */ - if( mac_key_len != 0 ) - { - ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); - if( ret != 0 ) - goto end; - ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); - if( ret != 0 ) - goto end; - } -#endif -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - ((void) mac_dec); - ((void) mac_enc); - - if( ssl != NULL && ssl->f_export_keys != NULL ) - { - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, - master, 48, - randbytes + 32, - randbytes, - tls_prf_get_type( tls_prf ) ); - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type, - transform->taglen, - &alg, - &key_type, - &key_bits ) ) != PSA_SUCCESS ) - { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); - goto end; - } - - transform->psa_alg = alg; - - if ( alg != MBEDTLS_SSL_NULL_CIPHER ) - { - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - if( ( status = psa_import_key( &attributes, - key1, - PSA_BITS_TO_BYTES( key_bits ), - &transform->psa_key_enc ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status ); - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); - goto end; - } - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); - - if( ( status = psa_import_key( &attributes, - key2, - PSA_BITS_TO_BYTES( key_bits ), - &transform->psa_key_dec ) ) != PSA_SUCCESS ) - { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); - goto end; - } - } -#else - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), - MBEDTLS_ENCRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), - MBEDTLS_DECRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - goto end; - } - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) - { - if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, - MBEDTLS_PADDING_NONE ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, - MBEDTLS_PADDING_NONE ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); - goto end; - } - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -end: - mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); - return( ret ); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 || MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - #if defined(MBEDTLS_X509_CRT_PARSE_C) static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) { @@ -7957,6 +7510,444 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) return( MBEDTLS_SSL_TLS_PRF_NONE ); } +/* + * Populate a transform structure with session keys and all the other + * necessary information. + * + * Parameters: + * - [in/out]: transform: structure to populate + * [in] must be just initialised with mbedtls_ssl_transform_init() + * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf() + * - [in] ciphersuite + * - [in] master + * - [in] encrypt_then_mac + * - [in] compression + * - [in] tls_prf: pointer to PRF to use for key derivation + * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random + * - [in] minor_ver: SSL/TLS minor version + * - [in] endpoint: client or server + * - [in] ssl: used for: + * - ssl->conf->{f,p}_export_keys + * [in] optionally used for: + * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg + */ +static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, + int ciphersuite, + const unsigned char master[48], +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \ + defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + int encrypt_then_mac, +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC && + MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + ssl_tls_prf_t tls_prf, + const unsigned char randbytes[64], + int minor_ver, + unsigned endpoint, + const mbedtls_ssl_context *ssl ) +{ + int ret = 0; + unsigned char keyblk[256]; + unsigned char *key1; + unsigned char *key2; + unsigned char *mac_enc; + unsigned char *mac_dec; + size_t mac_key_len = 0; + size_t iv_copy_len; + size_t keylen; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + const mbedtls_cipher_info_t *cipher_info; + const mbedtls_md_info_t *md_info; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + size_t key_bits; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#endif + +#if !defined(MBEDTLS_DEBUG_C) && \ + !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + if( ssl->f_export_keys == NULL ) + { + ssl = NULL; /* make sure we don't use it except for these cases */ + (void) ssl; + } +#endif + + /* + * Some data just needs copying into the structure + */ +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + transform->encrypt_then_mac = encrypt_then_mac; +#endif + transform->minor_ver = minor_ver; + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform + * generation separate. This should never happen. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + + /* + * Get various info structures + */ + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); + if( ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found", + ciphersuite ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); + if( cipher_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", + ciphersuite_info->cipher ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); + if( md_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", + (unsigned) ciphersuite_info->mac ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + /* Copy own and peer's CID if the use of the CID + * extension has been negotiated. */ + if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); + + transform->in_cid_len = ssl->own_cid_len; + memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid, + transform->in_cid_len ); + + transform->out_cid_len = ssl->handshake->peer_cid_len; + memcpy( transform->out_cid, ssl->handshake->peer_cid, + ssl->handshake->peer_cid_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, + transform->out_cid_len ); + } +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + /* + * Compute key block using the PRF + */ + ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", + mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 ); + MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 ); + MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); + + /* + * Determine the appropriate key, IV and MAC length. + */ + + keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8; + +#if defined(MBEDTLS_GCM_C) || \ + defined(MBEDTLS_CCM_C) || \ + defined(MBEDTLS_CHACHAPOLY_C) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) + { + size_t explicit_ivlen; + + transform->maclen = 0; + mac_key_len = 0; + transform->taglen = + ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; + + /* All modes haves 96-bit IVs, but the length of the static parts vary + * with mode and version: + * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes + * (to be concatenated with a dynamically chosen IV of 8 Bytes) + * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's + * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record + * sequence number). + */ + transform->ivlen = 12; + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY ) + transform->fixed_ivlen = 12; + else + transform->fixed_ivlen = 4; + + /* Minimum length of encrypted record */ + explicit_ivlen = transform->ivlen - transform->fixed_ivlen; + transform->minlen = explicit_ivlen + transform->taglen; + } + else +#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM || + mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) + { + /* Initialize HMAC contexts */ + if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || + ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + goto end; + } + + /* Get MAC length */ + mac_key_len = mbedtls_md_get_size( md_info ); + transform->maclen = mac_key_len; + + /* IV length */ + transform->ivlen = cipher_info->iv_size; + + /* Minimum length */ + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ) + transform->minlen = transform->maclen; + else + { + /* + * GenericBlockCipher: + * 1. if EtM is in use: one block plus MAC + * otherwise: * first multiple of blocklen greater than maclen + * 2. IV + */ +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) + { + transform->minlen = transform->maclen + + cipher_info->block_size; + } + else +#endif + { + transform->minlen = transform->maclen + + cipher_info->block_size + - transform->maclen % cipher_info->block_size; + } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + { + transform->minlen += transform->ivlen; + } + else +#endif + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; + } + } + } + else +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u", + (unsigned) keylen, + (unsigned) transform->minlen, + (unsigned) transform->ivlen, + (unsigned) transform->maclen ) ); + + /* + * Finally setup the cipher contexts, IVs and MAC secrets. + */ +#if defined(MBEDTLS_SSL_CLI_C) + if( endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + key1 = keyblk + mac_key_len * 2; + key2 = keyblk + mac_key_len * 2 + keylen; + + mac_enc = keyblk; + mac_dec = keyblk + mac_key_len; + + /* + * This is not used in TLS v1.1. + */ + iv_copy_len = ( transform->fixed_ivlen ) ? + transform->fixed_ivlen : transform->ivlen; + memcpy( transform->iv_enc, key2 + keylen, iv_copy_len ); + memcpy( transform->iv_dec, key2 + keylen + iv_copy_len, + iv_copy_len ); + } + else +#endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_SRV_C) + if( endpoint == MBEDTLS_SSL_IS_SERVER ) + { + key1 = keyblk + mac_key_len * 2 + keylen; + key2 = keyblk + mac_key_len * 2; + + mac_enc = keyblk + mac_key_len; + mac_dec = keyblk; + + /* + * This is not used in TLS v1.1. + */ + iv_copy_len = ( transform->fixed_ivlen ) ? + transform->fixed_ivlen : transform->ivlen; + memcpy( transform->iv_dec, key1 + keylen, iv_copy_len ); + memcpy( transform->iv_enc, key1 + keylen + iv_copy_len, + iv_copy_len ); + } + else +#endif /* MBEDTLS_SSL_SRV_C */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; + } + +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + /* For HMAC-based ciphersuites, initialize the HMAC transforms. + For AEAD-based ciphersuites, there is nothing to do here. */ + if( mac_key_len != 0 ) + { + ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); + if( ret != 0 ) + goto end; + ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); + if( ret != 0 ) + goto end; + } +#endif +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + + ((void) mac_dec); + ((void) mac_enc); + + if( ssl != NULL && ssl->f_export_keys != NULL ) + { + ssl->f_export_keys( ssl->p_export_keys, + MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, + master, 48, + randbytes + 32, + randbytes, + tls_prf_get_type( tls_prf ) ); + } + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type, + transform->taglen, + &alg, + &key_type, + &key_bits ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); + goto end; + } + + transform->psa_alg = alg; + + if ( alg != MBEDTLS_SSL_NULL_CIPHER ) + { + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + if( ( status = psa_import_key( &attributes, + key1, + PSA_BITS_TO_BYTES( key_bits ), + &transform->psa_key_enc ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status ); + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); + goto end; + } + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + + if( ( status = psa_import_key( &attributes, + key2, + PSA_BITS_TO_BYTES( key_bits ), + &transform->psa_key_dec ) ) != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); + goto end; + } + } +#else + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, + cipher_info ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), + MBEDTLS_ENCRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, + (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ), + MBEDTLS_DECRYPT ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + goto end; + } + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) + { + if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, + MBEDTLS_PADDING_NONE ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + goto end; + } + + if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, + MBEDTLS_PADDING_NONE ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + goto end; + } + } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +end: + mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From ee40f9d4b37356f5494d535d4b48b4fa81d968f4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:55:16 +0800 Subject: [PATCH 42/48] move get_key_exchange_md_tls12 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 246 +++++++++++++++++++++++----------------------- 1 file changed, 121 insertions(+), 125 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a1fda8cc21..ae3573597f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4912,131 +4912,6 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ) -{ - psa_status_t status; - psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); - - if( ( status = psa_hash_setup( &hash_operation, - hash_alg ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status ); - goto exit; - } - - if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes, - 64 ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); - goto exit; - } - - if( ( status = psa_hash_update( &hash_operation, - data, data_len ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); - goto exit; - } - - if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE, - hashlen ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); - goto exit; - } - -exit: - if( status != PSA_SUCCESS ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - switch( status ) - { - case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); - case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ - case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); - default: - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } - } - return( 0 ); -} - -#else - -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ) -{ - int ret = 0; - mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - *hashlen = mbedtls_md_get_size( md_info ); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); - - mbedtls_md_init( &ctx ); - - /* - * digitally-signed struct { - * opaque client_random[32]; - * opaque server_random[32]; - * ServerDHParams params; - * }; - */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); - goto exit; - } - if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret ); - goto exit; - } - if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); - goto exit; - } - if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); - goto exit; - } - if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); - goto exit; - } - -exit: - mbedtls_md_free( &ctx ); - - if( ret != 0 ) - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - - return( ret ); -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, const mbedtls_md_type_t md, @@ -7948,6 +7823,127 @@ end: return( ret ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg ) +{ + psa_status_t status; + psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; + psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); + + if( ( status = psa_hash_setup( &hash_operation, + hash_alg ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status ); + goto exit; + } + + if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes, + 64 ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); + goto exit; + } + + if( ( status = psa_hash_update( &hash_operation, + data, data_len ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); + goto exit; + } + + if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE, + hashlen ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); + goto exit; + } + +exit: + if( status != PSA_SUCCESS ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + switch( status ) + { + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + default: + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } + } + return( 0 ); +} + +#else + +int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg ) +{ + int ret = 0; + mbedtls_md_context_t ctx; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + *hashlen = mbedtls_md_get_size( md_info ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); + + mbedtls_md_init( &ctx ); + + /* + * digitally-signed struct { + * opaque client_random[32]; + * opaque server_random[32]; + * ServerDHParams params; + * }; + */ + if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + goto exit; + } + if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret ); + goto exit; + } + if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + goto exit; + } + if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + goto exit; + } + if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); + goto exit; + } + +exit: + mbedtls_md_free( &ctx ); + + if( ret != 0 ) + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + + return( ret ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From d9d91da7c752074aa9886768560f34d50903d76f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:57:06 +0800 Subject: [PATCH 43/48] move sig_hash_* Signed-off-by: Jerry Yu --- library/ssl_tls.c | 100 +++++++++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 51 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae3573597f..53f5038eea 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4653,57 +4653,6 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) } #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -/* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ) -{ - switch( sig_alg ) - { - case MBEDTLS_PK_RSA: - return( set->rsa ); - case MBEDTLS_PK_ECDSA: - return( set->ecdsa ); - default: - return( MBEDTLS_MD_NONE ); - } -} - -/* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ) -{ - switch( sig_alg ) - { - case MBEDTLS_PK_RSA: - if( set->rsa == MBEDTLS_MD_NONE ) - set->rsa = md_alg; - break; - - case MBEDTLS_PK_ECDSA: - if( set->ecdsa == MBEDTLS_MD_NONE ) - set->ecdsa = md_alg; - break; - - default: - break; - } -} - -/* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ) -{ - set->rsa = md_alg; - set->ecdsa = md_alg; -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2) && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX */ @@ -7944,6 +7893,55 @@ exit: } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* Find an entry in a signature-hash set matching a given hash algorithm. */ +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg ) +{ + switch( sig_alg ) + { + case MBEDTLS_PK_RSA: + return( set->rsa ); + case MBEDTLS_PK_ECDSA: + return( set->ecdsa ); + default: + return( MBEDTLS_MD_NONE ); + } +} + +/* Add a signature-hash-pair to a signature-hash set */ +void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg, + mbedtls_md_type_t md_alg ) +{ + switch( sig_alg ) + { + case MBEDTLS_PK_RSA: + if( set->rsa == MBEDTLS_MD_NONE ) + set->rsa = md_alg; + break; + + case MBEDTLS_PK_ECDSA: + if( set->ecdsa == MBEDTLS_MD_NONE ) + set->ecdsa = md_alg; + break; + + default: + break; + } +} + +/* Allow exactly one hash algorithm for each signature. */ +void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, + mbedtls_md_type_t md_alg ) +{ + set->rsa = md_alg; + set->ecdsa = md_alg; +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 4f9e3efbeb68d2768ea3391440f9ef2b681791fa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:58:27 +0800 Subject: [PATCH 44/48] move session_save/load_tls12 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 749 +++++++++++++++++++++++----------------------- 1 file changed, 373 insertions(+), 376 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 53f5038eea..2de330a1a6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2533,177 +2533,6 @@ static unsigned char ssl_serialized_session_header[] = { * */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* Serialization of TLS 1.2 sessions: - * - * struct { - * uint64 start_time; - * uint8 ciphersuite[2]; // defined by the standard - * uint8 compression; // 0 or 1 - * uint8 session_id_len; // at most 32 - * opaque session_id[32]; - * opaque master[48]; // fixed length in the standard - * uint32 verify_result; - * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert - * opaque ticket<0..2^24-1>; // length 0 means no ticket - * uint32 ticket_lifetime; - * uint8 mfl_code; // up to 255 according to standard - * uint8 encrypt_then_mac; // 0 or 1 - * } serialized_session_tls12; - * - */ -static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len ) -{ - unsigned char *p = buf; - size_t used = 0; - -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - used += 8; - - if( used <= buf_len ) - { - start = (uint64_t) session->start; - - MBEDTLS_PUT_UINT64_BE( start, p, 0 ); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - used += 2 /* ciphersuite */ - + 1 /* compression */ - + 1 /* id_len */ - + sizeof( session->id ) - + sizeof( session->master ) - + 4; /* verify_result */ - - if( used <= buf_len ) - { - MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 ); - p += 2; - - *p++ = MBEDTLS_BYTE_0( session->compression ); - - *p++ = MBEDTLS_BYTE_0( session->id_len ); - memcpy( p, session->id, 32 ); - p += 32; - - memcpy( p, session->master, 48 ); - p += 48; - - MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 ); - p += 4; - } - - /* - * Peer's end-entity certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( session->peer_cert == NULL ) - cert_len = 0; - else - cert_len = session->peer_cert->raw.len; - - used += 3 + cert_len; - - if( used <= buf_len ) - { - *p++ = MBEDTLS_BYTE_2( cert_len ); - *p++ = MBEDTLS_BYTE_1( cert_len ); - *p++ = MBEDTLS_BYTE_0( cert_len ); - - if( session->peer_cert != NULL ) - { - memcpy( p, session->peer_cert->raw.p, cert_len ); - p += cert_len; - } - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( session->peer_cert_digest != NULL ) - { - used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; - if( used <= buf_len ) - { - *p++ = (unsigned char) session->peer_cert_digest_type; - *p++ = (unsigned char) session->peer_cert_digest_len; - memcpy( p, session->peer_cert_digest, - session->peer_cert_digest_len ); - p += session->peer_cert_digest_len; - } - } - else - { - used += 2; - if( used <= buf_len ) - { - *p++ = (unsigned char) MBEDTLS_MD_NONE; - *p++ = 0; - } - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket if any, plus associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ - - if( used <= buf_len ) - { - *p++ = MBEDTLS_BYTE_2( session->ticket_len ); - *p++ = MBEDTLS_BYTE_1( session->ticket_len ); - *p++ = MBEDTLS_BYTE_0( session->ticket_len ); - - if( session->ticket != NULL ) - { - memcpy( p, session->ticket, session->ticket_len ); - p += session->ticket_len; - } - - MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 ); - p += 4; - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - used += 1; - - if( used <= buf_len ) - *p++ = session->mfl_code; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - used += 1; - - if( used <= buf_len ) - *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac ); -#endif - - return( used ); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - static int ssl_session_save( const mbedtls_ssl_session *session, unsigned char omit_header, unsigned char *buf, @@ -2771,212 +2600,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, { return( ssl_session_save( session, 0, buf, buf_len, olen ) ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Deserialize session, see mbedtls_ssl_session_save() for format. - * - * This internal version is wrapped by a public function that cleans up in - * case of error, and has an extra option omit_header. - */ -static int ssl_session_load_tls12( mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len ) -{ -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - if( 8 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - start = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); - p += 8; - - session->start = (time_t) start; -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->ciphersuite = ( p[0] << 8 ) | p[1]; - p += 2; - - session->compression = *p++; - - session->id_len = *p++; - memcpy( session->id, p, 32 ); - p += 32; - - memcpy( session->master, p, 48 ); - p += 48; - - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); - p += 4; - - /* Immediately clear invalid pointer values that have been read, in case - * we exit early before we replaced them with valid ones. */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - session->peer_cert = NULL; -#else - session->peer_cert_digest = NULL; -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - session->ticket = NULL; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Peer certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Deserialize CRT from the end of the ticket. */ - if( 3 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; - p += 3; - - if( cert_len != 0 ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if( cert_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - - if( session->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - mbedtls_x509_crt_init( session->peer_cert ); - - if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert, - p, cert_len ) ) != 0 ) - { - mbedtls_x509_crt_free( session->peer_cert ); - mbedtls_free( session->peer_cert ); - session->peer_cert = NULL; - return( ret ); - } - - p += cert_len; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Deserialize CRT digest from the end of the ticket. */ - if( 2 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; - session->peer_cert_digest_len = (size_t) *p++; - - if( session->peer_cert_digest_len != 0 ) - { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type( session->peer_cert_digest_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - if( session->peer_cert_digest_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->peer_cert_digest = - mbedtls_calloc( 1, session->peer_cert_digest_len ); - if( session->peer_cert_digest == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - memcpy( session->peer_cert_digest, p, - session->peer_cert_digest_len ); - p += session->peer_cert_digest_len; - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket and associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if( 3 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; - p += 3; - - if( session->ticket_len != 0 ) - { - if( session->ticket_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->ticket = mbedtls_calloc( 1, session->ticket_len ); - if( session->ticket == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - memcpy( session->ticket, p, session->ticket_len ); - p += session->ticket_len; - } - - if( 4 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); - p += 4; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->mfl_code = *p++; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->encrypt_then_mac = *p++; -#endif - - /* Done, should have consumed entire buffer */ - if( p != end ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - return( 0 ); -} -#endif /*MBEDTLS_SSL_PROTO_TLS1_2 */ static int ssl_session_load( mbedtls_ssl_session *session, unsigned char omit_header, const unsigned char *buf, @@ -7942,6 +7566,379 @@ void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* Serialization of TLS 1.2 sessions: + * + * struct { + * uint64 start_time; + * uint8 ciphersuite[2]; // defined by the standard + * uint8 compression; // 0 or 1 + * uint8 session_id_len; // at most 32 + * opaque session_id[32]; + * opaque master[48]; // fixed length in the standard + * uint32 verify_result; + * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert + * opaque ticket<0..2^24-1>; // length 0 means no ticket + * uint32 ticket_lifetime; + * uint8 mfl_code; // up to 255 according to standard + * uint8 encrypt_then_mac; // 0 or 1 + * } serialized_session_tls12; + * + */ +static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len ) +{ + unsigned char *p = buf; + size_t used = 0; + +#if defined(MBEDTLS_HAVE_TIME) + uint64_t start; +#endif +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + size_t cert_len; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + /* + * Time + */ +#if defined(MBEDTLS_HAVE_TIME) + used += 8; + + if( used <= buf_len ) + { + start = (uint64_t) session->start; + + MBEDTLS_PUT_UINT64_BE( start, p, 0 ); + p += 8; + } +#endif /* MBEDTLS_HAVE_TIME */ + + /* + * Basic mandatory fields + */ + used += 2 /* ciphersuite */ + + 1 /* compression */ + + 1 /* id_len */ + + sizeof( session->id ) + + sizeof( session->master ) + + 4; /* verify_result */ + + if( used <= buf_len ) + { + MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 ); + p += 2; + + *p++ = MBEDTLS_BYTE_0( session->compression ); + + *p++ = MBEDTLS_BYTE_0( session->id_len ); + memcpy( p, session->id, 32 ); + p += 32; + + memcpy( p, session->master, 48 ); + p += 48; + + MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 ); + p += 4; + } + + /* + * Peer's end-entity certificate + */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + if( session->peer_cert == NULL ) + cert_len = 0; + else + cert_len = session->peer_cert->raw.len; + + used += 3 + cert_len; + + if( used <= buf_len ) + { + *p++ = MBEDTLS_BYTE_2( cert_len ); + *p++ = MBEDTLS_BYTE_1( cert_len ); + *p++ = MBEDTLS_BYTE_0( cert_len ); + + if( session->peer_cert != NULL ) + { + memcpy( p, session->peer_cert->raw.p, cert_len ); + p += cert_len; + } + } +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + if( session->peer_cert_digest != NULL ) + { + used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; + if( used <= buf_len ) + { + *p++ = (unsigned char) session->peer_cert_digest_type; + *p++ = (unsigned char) session->peer_cert_digest_len; + memcpy( p, session->peer_cert_digest, + session->peer_cert_digest_len ); + p += session->peer_cert_digest_len; + } + } + else + { + used += 2; + if( used <= buf_len ) + { + *p++ = (unsigned char) MBEDTLS_MD_NONE; + *p++ = 0; + } + } +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + /* + * Session ticket if any, plus associated data + */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ + + if( used <= buf_len ) + { + *p++ = MBEDTLS_BYTE_2( session->ticket_len ); + *p++ = MBEDTLS_BYTE_1( session->ticket_len ); + *p++ = MBEDTLS_BYTE_0( session->ticket_len ); + + if( session->ticket != NULL ) + { + memcpy( p, session->ticket, session->ticket_len ); + p += session->ticket_len; + } + + MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 ); + p += 4; + } +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ + + /* + * Misc extension-related info + */ +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + used += 1; + + if( used <= buf_len ) + *p++ = session->mfl_code; +#endif + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + used += 1; + + if( used <= buf_len ) + *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac ); +#endif + + return( used ); +} + +/* + * Deserialize session, see mbedtls_ssl_session_save() for format. + * + * This internal version is wrapped by a public function that cleans up in + * case of error, and has an extra option omit_header. + */ +static int ssl_session_load_tls12( mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len ) +{ +#if defined(MBEDTLS_HAVE_TIME) + uint64_t start; +#endif +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + size_t cert_len; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + const unsigned char *p = buf; + const unsigned char * const end = buf + len; + + /* + * Time + */ +#if defined(MBEDTLS_HAVE_TIME) + if( 8 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + start = ( (uint64_t) p[0] << 56 ) | + ( (uint64_t) p[1] << 48 ) | + ( (uint64_t) p[2] << 40 ) | + ( (uint64_t) p[3] << 32 ) | + ( (uint64_t) p[4] << 24 ) | + ( (uint64_t) p[5] << 16 ) | + ( (uint64_t) p[6] << 8 ) | + ( (uint64_t) p[7] ); + p += 8; + + session->start = (time_t) start; +#endif /* MBEDTLS_HAVE_TIME */ + + /* + * Basic mandatory fields + */ + if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->ciphersuite = ( p[0] << 8 ) | p[1]; + p += 2; + + session->compression = *p++; + + session->id_len = *p++; + memcpy( session->id, p, 32 ); + p += 32; + + memcpy( session->master, p, 48 ); + p += 48; + + session->verify_result = ( (uint32_t) p[0] << 24 ) | + ( (uint32_t) p[1] << 16 ) | + ( (uint32_t) p[2] << 8 ) | + ( (uint32_t) p[3] ); + p += 4; + + /* Immediately clear invalid pointer values that have been read, in case + * we exit early before we replaced them with valid ones. */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + session->peer_cert = NULL; +#else + session->peer_cert_digest = NULL; +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + session->ticket = NULL; +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ + + /* + * Peer certificate + */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + /* Deserialize CRT from the end of the ticket. */ + if( 3 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + p += 3; + + if( cert_len != 0 ) + { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( cert_len > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + + if( session->peer_cert == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + mbedtls_x509_crt_init( session->peer_cert ); + + if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert, + p, cert_len ) ) != 0 ) + { + mbedtls_x509_crt_free( session->peer_cert ); + mbedtls_free( session->peer_cert ); + session->peer_cert = NULL; + return( ret ); + } + + p += cert_len; + } +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* Deserialize CRT digest from the end of the ticket. */ + if( 2 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; + session->peer_cert_digest_len = (size_t) *p++; + + if( session->peer_cert_digest_len != 0 ) + { + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type( session->peer_cert_digest_type ); + if( md_info == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + if( session->peer_cert_digest_len > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->peer_cert_digest = + mbedtls_calloc( 1, session->peer_cert_digest_len ); + if( session->peer_cert_digest == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + memcpy( session->peer_cert_digest, p, + session->peer_cert_digest_len ); + p += session->peer_cert_digest_len; + } +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + /* + * Session ticket and associated data + */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + if( 3 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + p += 3; + + if( session->ticket_len != 0 ) + { + if( session->ticket_len > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->ticket = mbedtls_calloc( 1, session->ticket_len ); + if( session->ticket == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + memcpy( session->ticket, p, session->ticket_len ); + p += session->ticket_len; + } + + if( 4 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | + ( (uint32_t) p[1] << 16 ) | + ( (uint32_t) p[2] << 8 ) | + ( (uint32_t) p[3] ); + p += 4; +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ + + /* + * Misc extension-related info + */ +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + if( 1 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->mfl_code = *p++; +#endif + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + if( 1 > (size_t)( end - p ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + session->encrypt_then_mac = *p++; +#endif + + /* Done, should have consumed entire buffer */ + if( p != end ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + return( 0 ); +} #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_TLS_C */ From 840fbb2817ec87bc3b4d0c119ef23ea54c58450f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 14:59:29 +0800 Subject: [PATCH 45/48] guards populate_transform reference Signed-off-by: Jerry Yu --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2de330a1a6..633777251d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3502,7 +3502,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, /* Read random bytes and populate structure */ if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) ret = ssl_tls12_populate_transform( ssl->transform, ssl->session->ciphersuite, ssl->session->master, @@ -3518,7 +3518,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl ); if( ret != 0 ) return( ret ); - +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ p += sizeof( ssl->transform->randbytes ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) From 50f2f703a71d0c7bd8048cda3b37eb7d7d965394 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 15:02:57 +0800 Subject: [PATCH 46/48] remove extra guards Signed-off-by: Jerry Yu --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 633777251d..6a37af7035 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7192,13 +7192,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, - transform->maclen % cipher_info->block_size; } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { transform->minlen += transform->ivlen; } else -#endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -7269,7 +7267,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, } #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* For HMAC-based ciphersuites, initialize the HMAC transforms. For AEAD-based ciphersuites, there is nothing to do here. */ if( mac_key_len != 0 ) @@ -7281,7 +7278,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, if( ret != 0 ) goto end; } -#endif #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ((void) mac_dec); From 18621dfd235ae629a948678ca51ecb53455485ad Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 15:10:17 +0800 Subject: [PATCH 47/48] remove extra empty line Signed-off-by: Jerry Yu --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6a37af7035..636765160c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4915,7 +4915,6 @@ int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -5690,7 +5689,6 @@ int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) #endif #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ - /* * Handshake functions */ @@ -6479,7 +6477,6 @@ exit: } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) @@ -6658,7 +6655,6 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); } - void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) { int resume = ssl->handshake->resume; From f1b23caa4eba1066826ef12333ee9d6d7d3381f7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Feb 2022 11:48:47 +0800 Subject: [PATCH 48/48] move wrong comments Signed-off-by: Jerry Yu --- library/ssl_tls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 636765160c..e80adb1551 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2601,6 +2601,12 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, return( ssl_session_save( session, 0, buf, buf_len, olen ) ); } +/* + * Deserialize session, see mbedtls_ssl_session_save() for format. + * + * This internal version is wrapped by a public function that cleans up in + * case of error, and has an extra option omit_header. + */ static int ssl_session_load( mbedtls_ssl_session *session, unsigned char omit_header, const unsigned char *buf, @@ -7727,12 +7733,6 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, return( used ); } -/* - * Deserialize session, see mbedtls_ssl_session_save() for format. - * - * This internal version is wrapped by a public function that cleans up in - * case of error, and has an extra option omit_header. - */ static int ssl_session_load_tls12( mbedtls_ssl_session *session, const unsigned char *buf, size_t len )