Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
This commit is contained in:
TRodziewicz
parent
8a88f6274c
commit
2abf03c551
9 changed files with 166 additions and 2764 deletions
|
|
@ -809,14 +809,6 @@
|
|||
#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) //no-check-names
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1 (TLS v1.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) //no-check-names
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
|
||||
#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -358,12 +358,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
|
@ -429,14 +429,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -464,7 +464,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -477,12 +477,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
|
@ -526,14 +526,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -561,7 +561,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -607,13 +607,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -661,13 +661,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -732,13 +732,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
|
@ -786,13 +786,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -825,12 +825,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
|
@ -874,14 +874,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -909,7 +909,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -922,12 +922,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
|
@ -971,14 +971,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1006,7 +1006,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1037,7 +1037,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1045,7 +1045,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1053,13 +1053,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1093,7 +1093,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1101,7 +1101,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1152,7 +1152,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1160,7 +1160,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1168,13 +1168,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1208,7 +1208,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1216,7 +1216,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1250,7 +1250,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1258,7 +1258,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1266,13 +1266,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1284,7 +1284,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1292,7 +1292,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1325,7 +1325,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1333,7 +1333,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1341,13 +1341,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1359,7 +1359,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
|
@ -1367,7 +1367,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1411,7 +1411,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_MD5_C)
|
||||
{ MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1419,7 +1419,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1427,7 +1427,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1437,7 +1437,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1445,7 +1445,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1453,7 +1453,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1463,7 +1463,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1471,7 +1471,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1479,7 +1479,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1489,7 +1489,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1497,7 +1497,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1505,7 +1505,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
@ -1515,7 +1515,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
|
@ -1523,7 +1523,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA256_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
|
@ -1531,7 +1531,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_SHA384_C)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
|
|
|||
|
|
@ -1878,7 +1878,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
* even is lower than our min version.
|
||||
*/
|
||||
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||
minor_ver < MBEDTLS_SSL_MAJOR_VERSION_3 - 1 ||
|
||||
major_ver > ssl->conf->max_major_ver ||
|
||||
minor_ver > ssl->conf->max_minor_ver )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -65,16 +65,6 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Legacy minor version numbers as defined by:
|
||||
* - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
|
||||
* - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
|
||||
*
|
||||
* We no longer support these versions, but some code still references those
|
||||
* constants, for keep them for now until we clean up that code.
|
||||
*/
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2
|
||||
|
||||
/* Determine minimum supported version */
|
||||
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
|
|
@ -630,20 +620,14 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
|||
* Representation of decryption/encryption transformations on records
|
||||
*
|
||||
* There are the following general types of record transformations:
|
||||
* - Stream transformations (TLS versions <= 1.2 only)
|
||||
* - Stream transformations (TLS versions == 1.2 only)
|
||||
* Transformation adding a MAC and applying a stream-cipher
|
||||
* to the authenticated message.
|
||||
* - CBC block cipher transformations ([D]TLS versions <= 1.2 only)
|
||||
* In addition to the distinction of the order of encryption and
|
||||
* authentication, there's a fundamental difference between the
|
||||
* handling in TLS 1.0 and TLS 1.1 and TLS 1.2: For TLS 1.0,
|
||||
* the final IV after processing a record is used
|
||||
* as the IV for the next record. No explicit IV is contained
|
||||
* in an encrypted record. The IV for the first record is extracted
|
||||
* at key extraction time. In contrast, for TLS 1.1 and 1.2, no
|
||||
* IV is generated at key extraction time, but every encrypted
|
||||
* record is explicitly prefixed by the IV with which it was encrypted.
|
||||
* - AEAD transformations ([D]TLS versions >= 1.2 only)
|
||||
* - CBC block cipher transformations ([D]TLS versions == 1.2 only)
|
||||
* For TLS 1.2, no IV is generated at key extraction time, but every
|
||||
* encrypted record is explicitly prefixed by the IV with which it was
|
||||
* encrypted.
|
||||
* - AEAD transformations ([D]TLS versions == 1.2 only)
|
||||
* These come in two fundamentally different versions, the first one
|
||||
* used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second
|
||||
* one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3.
|
||||
|
|
@ -666,17 +650,16 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
|||
* - For stream/CBC, (static) encryption/decryption keys for the digest.
|
||||
* - For AEAD transformations, the size (potentially 0) of an explicit,
|
||||
* random initialization vector placed in encrypted records.
|
||||
* - For some transformations (currently AEAD and CBC in TLS 1.0)
|
||||
* an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
|
||||
* and (if present) is combined with the explicit IV in a transformation-
|
||||
* dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
|
||||
* - For some transformations (currently AEAD) an implicit IV. It may be static
|
||||
* (e.g. AEAD) or dynamic (e.g. CBC) and (if present) is combined with the
|
||||
* explicit IV in a transformation-dependent way (e.g. appending in TLS 1.2
|
||||
* and XOR'ing in TLS 1.3).
|
||||
* - For stream/CBC, a flag determining the order of encryption and MAC.
|
||||
* - The details of the transformation depend on the SSL/TLS version.
|
||||
* - The length of the authentication tag.
|
||||
*
|
||||
* Note: Except for CBC in TLS 1.0, these parameters are
|
||||
* constant across multiple encryption/decryption operations.
|
||||
* For CBC, the implicit IV needs to be updated after each
|
||||
* Note: These parameters are constant across multiple encryption/decryption
|
||||
* operations. For CBC, the implicit IV needs to be updated after each
|
||||
* operation.
|
||||
*
|
||||
* The struct below refines this abstract view as follows:
|
||||
|
|
@ -691,11 +674,9 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
|||
* - For stream/CBC transformations, the message digest contexts
|
||||
* used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
|
||||
* are unused for AEAD transformations.
|
||||
* - For stream/CBC transformations and versions >= TLS 1.0, the
|
||||
* MAC keys are not stored explicitly but maintained within
|
||||
* md_ctx_{enc/dec}.
|
||||
* - The mac_enc and mac_dec fields are unused for EAD transformations or
|
||||
* transformations >= TLS 1.0.
|
||||
* - For stream/CBC transformations, the MAC keys are not stored explicitly
|
||||
* but maintained within md_ctx_{enc/dec}.
|
||||
* - The mac_enc and mac_dec fields are unused for EAD transformations.
|
||||
* - For transformations using an implicit IV maintained within
|
||||
* the transformation context, its contents are stored within
|
||||
* iv_{enc/dec}.
|
||||
|
|
@ -709,10 +690,6 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
|
|||
* and indicates the length of the static part of the IV which is
|
||||
* constant throughout the communication, and which is stored in
|
||||
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
|
||||
* Note: For CBC in TLS 1.0, the fields iv_{enc/dec}
|
||||
* still store IV's for continued use across multiple transformations,
|
||||
* so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are
|
||||
* not being used!
|
||||
* - minor_ver denotes the SSL/TLS version
|
||||
* - For stream/CBC transformations, maclen denotes the length of the
|
||||
* authentication tag, while taglen is unused and 0.
|
||||
|
|
@ -792,7 +769,7 @@ static inline int mbedtls_ssl_transform_uses_aead(
|
|||
* pre-expansion during record protection. Concretely,
|
||||
* this is the length of the fixed part of the explicit IV
|
||||
* used for encryption, or 0 if no explicit IV is used
|
||||
* (e.g. for CBC in TLS 1.0, or stream ciphers).
|
||||
* (e.g. for stream ciphers).
|
||||
*
|
||||
* The reason for the data_offset in the unencrypted case
|
||||
* is to allow for in-place conversion of an unencrypted to
|
||||
|
|
|
|||
|
|
@ -100,9 +100,7 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
|
|||
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
|
||||
|
||||
/* We don't support record checking in TLS because
|
||||
* (a) there doesn't seem to be a usecase for it, and
|
||||
* (b) In TLS 1.0, CBC record decryption has state
|
||||
* and we'd need to backup the transform here.
|
||||
* there doesn't seem to be a usecase for it.
|
||||
*/
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||
{
|
||||
|
|
@ -645,7 +643,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
|
||||
|
|
@ -902,7 +900,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
* TLSCipherText.type +
|
||||
* TLSCipherText.version +
|
||||
* length_of( (IV +) ENC(...) ) +
|
||||
* IV + // except for TLS 1.0
|
||||
* IV +
|
||||
* ENC(content + padding + padding_length));
|
||||
*/
|
||||
|
||||
|
|
@ -1107,7 +1105,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
|
|||
* Then we only need to compute HASH(okey + inner_hash) and we're done.
|
||||
*/
|
||||
const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
|
||||
/* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5,
|
||||
/* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5,
|
||||
* all of which have the same block size except SHA-384. */
|
||||
const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
|
||||
const unsigned char * const ikey = ctx->hmac_ctx;
|
||||
|
|
@ -5171,7 +5169,7 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
|
||||
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
|
||||
|
|
@ -5601,7 +5599,6 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
|
|||
*
|
||||
* For TLS this is the identity.
|
||||
* For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
|
||||
* 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1)
|
||||
* 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2)
|
||||
*/
|
||||
void mbedtls_ssl_write_version( int major, int minor, int transport,
|
||||
|
|
@ -5610,7 +5607,7 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
|
|||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
if( minor == MBEDTLS_SSL_MINOR_VERSION_3 - 1 )
|
||||
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
||||
|
||||
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
|
||||
|
|
@ -5635,7 +5632,7 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
|||
*major = 255 - ver[0] + 2;
|
||||
*minor = 255 - ver[1] + 1;
|
||||
|
||||
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
if( *minor == MBEDTLS_SSL_MINOR_VERSION_3 - 2 )
|
||||
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -854,7 +854,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
* GenericBlockCipher:
|
||||
* 1. if EtM is in use: one block plus MAC
|
||||
* otherwise: * first multiple of blocklen greater than maclen
|
||||
* 2. IV except for TLS 1.0
|
||||
* 2. IV
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
|
||||
|
|
@ -948,7 +948,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
|
||||
For AEAD-based ciphersuites, there is nothing to do here. */
|
||||
|
|
@ -4234,9 +4234,6 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
|||
{
|
||||
switch( ssl->minor_ver )
|
||||
{
|
||||
case MBEDTLS_SSL_MINOR_VERSION_2:
|
||||
return( "DTLSv1.0" );
|
||||
|
||||
case MBEDTLS_SSL_MINOR_VERSION_3:
|
||||
return( "DTLSv1.2" );
|
||||
|
||||
|
|
@ -4248,12 +4245,6 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
|||
|
||||
switch( ssl->minor_ver )
|
||||
{
|
||||
case MBEDTLS_SSL_MINOR_VERSION_1:
|
||||
return( "TLSv1.0" );
|
||||
|
||||
case MBEDTLS_SSL_MINOR_VERSION_2:
|
||||
return( "TLSv1.1" );
|
||||
|
||||
case MBEDTLS_SSL_MINOR_VERSION_3:
|
||||
return( "TLSv1.2" );
|
||||
|
||||
|
|
|
|||
|
|
@ -4667,6 +4667,67 @@ run_test "Version check: all -> 1.2" \
|
|||
-s "Protocol is TLSv1.2" \
|
||||
-c "Protocol is TLSv1.2"
|
||||
|
||||
run_test "Not supported version check: cli TLS 1.0" \
|
||||
"$P_SRV" \
|
||||
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \
|
||||
1 \
|
||||
-s "Handshake protocol not within min/max boundaries" \
|
||||
-c "Error in protocol version" \
|
||||
-S "Protocol is TLSv1.0" \
|
||||
-C "Handshake was completed"
|
||||
|
||||
run_test "Not supported version check: cli TLS 1.1" \
|
||||
"$P_SRV" \
|
||||
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \
|
||||
1 \
|
||||
-s "Handshake protocol not within min/max boundaries" \
|
||||
-c "Error in protocol version" \
|
||||
-S "Protocol is TLSv1.1" \
|
||||
-C "Handshake was completed"
|
||||
|
||||
run_test "Not supported version check: srv max TLS 1.0" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \
|
||||
"$P_CLI" \
|
||||
1 \
|
||||
-s "Error in protocol version" \
|
||||
-c "Handshake protocol not within min/max boundaries" \
|
||||
-S "Version: TLS1.0" \
|
||||
-C "Protocol is TLSv1.0"
|
||||
|
||||
run_test "Not supported version check: srv max TLS 1.1" \
|
||||
"$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \
|
||||
"$P_CLI" \
|
||||
1 \
|
||||
-s "Error in protocol version" \
|
||||
-c "Handshake protocol not within min/max boundaries" \
|
||||
-S "Version: TLS1.1" \
|
||||
-C "Protocol is TLSv1.1"
|
||||
|
||||
## ClientHello generated with
|
||||
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
|
||||
## then manually twiddling the ciphersuite list.
|
||||
## The ClientHello content is spelled out below as a hex string as
|
||||
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
|
||||
## The expected response is an inappropriate_fallback alert.
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: beginning of list" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020246'" \
|
||||
0 \
|
||||
-s "client only supports ssl smaller than minimum" \
|
||||
-S "received FALLBACK_SCSV" \
|
||||
-S "inapropriate fallback"
|
||||
|
||||
requires_openssl_with_fallback_scsv
|
||||
run_test "Fallback SCSV: end of list" \
|
||||
"$P_SRV debug_level=2" \
|
||||
"$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020246'" \
|
||||
0 \
|
||||
-s "client only supports ssl smaller than minimum" \
|
||||
-S "received FALLBACK_SCSV" \
|
||||
-S "inapropriate fallback"
|
||||
|
||||
# Tests for ALPN extension
|
||||
|
||||
run_test "ALPN: none" \
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -1867,8 +1867,6 @@ void perform_handshake( handshake_test_options* options )
|
|||
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
if( options->resize_buffers != 0 )
|
||||
{
|
||||
if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
/* A server, when using DTLS, might delay a buffer resize to happen
|
||||
* after it receives a message, so we force it. */
|
||||
|
|
@ -1883,7 +1881,6 @@ void perform_handshake( handshake_test_options* options )
|
|||
TEST_ASSERT( server.ssl.in_buf_len ==
|
||||
mbedtls_ssl_get_input_buflen( &server.ssl ) );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
|
||||
|
|
@ -3467,9 +3464,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
|
|||
* Test record decryption for CBC without EtM, focused on the verification
|
||||
* of padding and MAC.
|
||||
*
|
||||
* Actually depends on TLS >= 1.0 and either AES, ARIA, Camellia or DES,
|
||||
* but since the test framework doesn't support alternation in
|
||||
* dependency statements, just depend on TLS 1.2 and AES.
|
||||
* Actually depends on TLS 1.2 and AES.
|
||||
*
|
||||
* The length_selector argument is interpreted as follows:
|
||||
* - if it's -1, the plaintext length is 0 and minimal padding is applied
|
||||
|
|
@ -4362,13 +4357,6 @@ void handshake_version( int dtls, int client_min_version, int client_max_version
|
|||
options.expected_negotiated_version = expected_negotiated_version;
|
||||
|
||||
options.dtls = dtls;
|
||||
/* By default, TLSv1.0 use 1/n-1 splitting when sending data, so
|
||||
* the number of fragments will be twice as big. */
|
||||
if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
options.expected_cli_fragments = 2;
|
||||
options.expected_srv_fragments = 2;
|
||||
}
|
||||
perform_handshake( &options );
|
||||
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue