mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 03:40:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4853 from yuhaoth/pr/add-tls13-config-check-and-dummy-handshake

Browse Source 
TLS1_3:add tls13 config check and dummy handshake
This commit is contained in:
Manuel Pégourié-Gonnard 2021-08-10 12:59:09 +02:00 committed by GitHub
commit 448c80727d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 377 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/CMakeLists.txt
View File

@ -104,6 +104,8 @@ set(src_tls
ssl_ticket.c
ssl_tls.c
ssl_tls13_keys.c
ssl_tls13_server.c
ssl_tls13_client.c
)
if(CMAKE_COMPILER_IS_GNUCC)

2
library/Makefile
View File

@ -167,6 +167,8 @@ OBJS_TLS= \
ssl_ticket.o \
ssl_tls.o \
ssl_tls13_keys.o \
ssl_tls13_client.o \
ssl_tls13_server.o \
# This line is intentionally left blank
.SILENT:

50
library/ssl_misc.h
View File

@ -881,6 +881,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl );
#endif
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
@ -1259,4 +1263,50 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/**
* ssl utils functions for checking configuration.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
conf->min_minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/
#endif /* ssl_misc.h */

74
library/ssl_tls.c
View File

@ -3142,6 +3142,53 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
}
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
{
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
return( 0 );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
return( 0 );
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif
MBEDTLS_SSL_DEBUG_MSG( 1, ( "The SSL configuration is invalid." ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
static int ssl_conf_check(const mbedtls_ssl_context *ssl)
{
int ret;
ret = ssl_conf_version_check( ssl );
if( ret != 0 )
return( ret );
/* Space for further checks */
return( 0 );
}
/*
* Setup an SSL context
*/
@ -3155,6 +3202,9 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
ssl->conf = conf;
if( ( ret = ssl_conf_check( ssl ) ) != 0 )
return( ret );
/*
* Prepare base structures
*/
@ -5085,11 +5135,31 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ret = mbedtls_ssl_handshake_client_step( ssl );
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_client_step( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif
#if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
ret = mbedtls_ssl_handshake_server_step( ssl );
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
ret = mbedtls_ssl_handshake_server_step( ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif
return( ret );

38
library/ssl_tls13_client.c Normal file
View File

@ -0,0 +1,38 @@
/*
* TLS 1.3 client-side functions
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#if defined(MBEDTLS_SSL_CLI_C)
#include "ssl_misc.h"
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
{
((void) ssl);
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

36
library/ssl_tls13_server.c Normal file
View File

@ -0,0 +1,36 @@
/*
* TLS 1.3 server-side functions
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "common.h"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#if defined(MBEDTLS_SSL_SRV_C)
#include "ssl_misc.h"
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl )
{
((void) ssl);
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

96
programs/ssl/ssl_client2.c
View File

@ -395,13 +395,20 @@ int main( void )
USAGE_CURVES \
USAGE_DHMLEN \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define USAGE4 \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2\n" \
"\n" \
" options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
"\n\n" \
" force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
@ -1070,6 +1077,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
goto usage;
}
@ -1078,6 +1089,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
goto usage;
}
@ -1103,6 +1118,13 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
goto usage;
}
@ -1570,41 +1592,7 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
* 2. Start the connection
*/
if( opt.server_addr == NULL)
opt.server_addr = opt.server_name;
mbedtls_printf( " . Connecting to %s/%s/%s...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr, opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( &server_fd );
else
ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 3. Setup stuff
* 2. Setup stuff
*/
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
@ -1956,6 +1944,40 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok\n" );
/*
* 3. Start the connection
*/
if( opt.server_addr == NULL)
opt.server_addr = opt.server_name;
mbedtls_printf( " . Connecting to %s/%s/%s...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr, opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( &server_fd );
else
ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 4. Handshake
*/

65
programs/ssl/ssl_server2.c
View File

@ -485,6 +485,13 @@ int main( void )
USAGE_ETM \
USAGE_CURVES \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define USAGE4 \
USAGE_SSL_ASYNC \
USAGE_SNI \
@ -492,8 +499,8 @@ int main( void )
" min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2\n" \
"\n" \
" options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
"\n\n" \
" force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
@ -1712,6 +1719,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
goto usage;
}
@ -1720,6 +1731,10 @@ int main( int argc, char *argv[] )
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
goto usage;
}
@ -1745,6 +1760,13 @@ int main( int argc, char *argv[] )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
goto usage;
}
@ -2376,26 +2398,7 @@ int main( int argc, char *argv[] )
#endif /* SNI_OPTION */
/*
* 2. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on %s://%s:%s/ ...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr ? opt.server_addr : "*",
opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 3. Setup stuff
* 2. Setup stuff
*/
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
@ -2889,6 +2892,24 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok\n" );
/*
* 3. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on %s://%s:%s/ ...",
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
opt.server_addr ? opt.server_addr : "*",
opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
reset:
#if !defined(_WIN32)
if( received_sigterm )

54
tests/ssl-opt.sh
View File

@ -693,6 +693,11 @@ find_in_both() {
fi
}
SKIP_HANDSHAKE_CHECK="NO"
skip_handshake_stage_check() {
SKIP_HANDSHAKE_CHECK="YES"
}
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output
@ -855,21 +860,25 @@ run_test() {
# (useful to avoid tests with only negative assertions and non-zero
# expected client exit to incorrectly succeed in case of catastrophic
# failure)
if is_polar "$SRV_CMD"; then
if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
else
fail "server or client failed to reach handshake stage"
return
if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ]
then
if is_polar "$SRV_CMD"; then
if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
else
fail "server or client failed to reach handshake stage"
return
fi
fi
fi
if is_polar "$CLI_CMD"; then
if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
else
fail "server or client failed to reach handshake stage"
return
if is_polar "$CLI_CMD"; then
if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
else
fail "server or client failed to reach handshake stage"
return
fi
fi
fi
SKIP_HANDSHAKE_CHECK="NO"
# Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
# exit with status 0 when interrupted by a signal, and we don't really
# care anyway), in case e.g. the server reports a memory leak.
@ -8478,6 +8487,29 @@ run_test "export keys functionality" \
-c "EAP-TLS IV is:" \
-s "EAP-TLS IV is:"
# TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
skip_handshake_stage_check
run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
"$P_SRV debug_level=1 min_version=tls1_2 max_version=tls1_3" \
"$P_CLI debug_level=1 min_version=tls1_2 max_version=tls1_3" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available" \
-s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
"$P_SRV min_version=tls1_3 max_version=tls1_3" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available"
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C

39
tests/suites/test_suite_debug.function
View File

@ -60,10 +60,16 @@ void debug_print_msg_threshold( int threshold, int level, char * file,
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_threshold( threshold );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_msg( &ssl, level, file, line,
"Text message, 2 == %d", 2 );
@ -89,10 +95,15 @@ void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
@ -116,11 +127,15 @@ void mbedtls_debug_print_buf( char * file, int line, char * text,
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
@ -146,10 +161,15 @@ void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
@ -177,12 +197,17 @@ void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );