Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
commit
cd0a565644
9 changed files with 59 additions and 40 deletions
|
@ -1656,9 +1656,11 @@ struct mbedtls_ssl_context
|
||||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
|
||||||
* This pointer owns the transform
|
* This pointer owns the transform
|
||||||
* it references. */
|
* it references. */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
|
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
|
||||||
* This pointer owns the transform
|
* This pointer owns the transform
|
||||||
* it references. */
|
* it references. */
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
/*! The application data transform in TLS 1.3.
|
/*! The application data transform in TLS 1.3.
|
||||||
|
|
|
@ -24,15 +24,11 @@
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
|
||||||
#include "mbedtls/platform.h"
|
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#include "mbedtls/platform.h"
|
||||||
#include "mbedtls/platform_time.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "ssl_client.h"
|
#include "ssl_client.h"
|
||||||
#include "ssl_misc.h"
|
#include "ssl_misc.h"
|
||||||
|
|
|
@ -2072,6 +2072,12 @@ int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
|
/*
|
||||||
|
* Write Signature Algorithm extension
|
||||||
|
*/
|
||||||
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
||||||
|
const unsigned char *end, size_t *out_len );
|
||||||
/*
|
/*
|
||||||
* Parse TLS Signature Algorithm extension
|
* Parse TLS Signature Algorithm extension
|
||||||
*/
|
*/
|
||||||
|
@ -2619,10 +2625,6 @@ int mbedtls_ssl_validate_ciphersuite(
|
||||||
mbedtls_ssl_protocol_version min_tls_version,
|
mbedtls_ssl_protocol_version min_tls_version,
|
||||||
mbedtls_ssl_protocol_version max_tls_version );
|
mbedtls_ssl_protocol_version max_tls_version );
|
||||||
|
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
|
||||||
int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
|
||||||
const unsigned char *end, size_t *out_len );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
|
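Review bot: The relocated prototype of `mbedtls_ssl_write_sig_alg_ext` carries only a title comment (`Write Signature Algorithm extension`), which leaves the contract of `buf`, `end` and `out_len` undocumented. For a function that writes into a caller-supplied buffer, the header should state that nothing is written at or beyond `end`, what is returned when the space is too small, and what `*out_len` holds on failure. The exact wording has to come from the definition, which is not on this page. The declaration is now also visible only under `MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED`; callers are not shown here, and they need the same condition or builds without certificate-based handshakes will break.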
@ -5094,7 +5094,9 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
||||||
* data.
|
* data.
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
ssl->transform_in = ssl->transform_negotiate;
|
ssl->transform_in = ssl->transform_negotiate;
|
||||||
|
#endif
|
||||||
ssl->session_in = ssl->session_negotiate;
|
ssl->session_in = ssl->session_negotiate;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
|
|
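Review bot: Only the `transform_in` assignment in `mbedtls_ssl_parse_change_cipher_spec` is placed under `MBEDTLS_SSL_PROTO_TLS1_2`, while the debug message `switching to new transform spec for inbound data` and `ssl->session_in = ssl->session_negotiate;` stay unconditional. In a build without TLS 1.2 the function would log a transform switch and move `session_in` while leaving the inbound transform untouched, a half-applied state change on the record-protection path. If the function is not meant to do anything without TLS 1.2, the `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` should start above the log line and end after the `session_in` assignment, or cover the whole function. The function body starts and ends outside the hunk, so an existing outer guard cannot be ruled out.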
@ -965,13 +965,16 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* Clear old handshake information if present */
|
/* Clear old handshake information if present */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
if( ssl->transform_negotiate )
|
if( ssl->transform_negotiate )
|
||||||
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
if( ssl->session_negotiate )
|
if( ssl->session_negotiate )
|
||||||
mbedtls_ssl_session_free( ssl->session_negotiate );
|
mbedtls_ssl_session_free( ssl->session_negotiate );
|
||||||
if( ssl->handshake )
|
if( ssl->handshake )
|
||||||
mbedtls_ssl_handshake_free( ssl );
|
mbedtls_ssl_handshake_free( ssl );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/*
|
/*
|
||||||
* Either the pointers are now NULL or cleared properly and can be freed.
|
* Either the pointers are now NULL or cleared properly and can be freed.
|
||||||
* Now allocate missing structures.
|
* Now allocate missing structures.
|
||||||
|
@ -980,6 +983,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
|
ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
if( ssl->session_negotiate == NULL )
|
if( ssl->session_negotiate == NULL )
|
||||||
{
|
{
|
||||||
|
@ -998,18 +1002,23 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* All pointers should exist and can be directly freed without issue */
|
/* All pointers should exist and can be directly freed without issue */
|
||||||
if( ssl->handshake == NULL ||
|
if( ssl->handshake == NULL ||
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
ssl->transform_negotiate == NULL ||
|
ssl->transform_negotiate == NULL ||
|
||||||
ssl->session_negotiate == NULL )
|
#endif
|
||||||
|
ssl->session_negotiate == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
|
||||||
|
|
||||||
mbedtls_free( ssl->handshake );
|
mbedtls_free( ssl->handshake );
|
||||||
mbedtls_free( ssl->transform_negotiate );
|
|
||||||
mbedtls_free( ssl->session_negotiate );
|
|
||||||
|
|
||||||
ssl->handshake = NULL;
|
ssl->handshake = NULL;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
mbedtls_free( ssl->transform_negotiate );
|
||||||
ssl->transform_negotiate = NULL;
|
ssl->transform_negotiate = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
mbedtls_free( ssl->session_negotiate );
|
||||||
ssl->session_negotiate = NULL;
|
ssl->session_negotiate = NULL;
|
||||||
|
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
|
@ -1017,9 +1026,12 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Initialize structures */
|
/* Initialize structures */
|
||||||
mbedtls_ssl_session_init( ssl->session_negotiate );
|
mbedtls_ssl_session_init( ssl->session_negotiate );
|
||||||
mbedtls_ssl_transform_init( ssl->transform_negotiate );
|
|
||||||
ssl_handshake_params_init( ssl->handshake );
|
ssl_handshake_params_init( ssl->handshake );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
mbedtls_ssl_transform_init( ssl->transform_negotiate );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||||
defined(MBEDTLS_SSL_SRV_C) && \
|
defined(MBEDTLS_SSL_SRV_C) && \
|
||||||
defined(MBEDTLS_SSL_SESSION_TICKETS)
|
defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
|
@ -3215,12 +3227,14 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
|
size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
|
||||||
size_t read_mfl;
|
size_t read_mfl;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
|
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
||||||
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
|
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
|
||||||
{
|
{
|
||||||
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Check if a smaller max length was negotiated */
|
/* Check if a smaller max length was negotiated */
|
||||||
if( ssl->session_out != NULL )
|
if( ssl->session_out != NULL )
|
||||||
|
@ -3232,7 +3246,7 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// During a handshake, use the value being negotiated
|
/* During a handshake, use the value being negotiated */
|
||||||
if( ssl->session_negotiate != NULL )
|
if( ssl->session_negotiate != NULL )
|
||||||
{
|
{
|
||||||
read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
|
read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
|
||||||
|
@ -3497,12 +3511,15 @@ static unsigned char ssl_serialized_session_header[] = {
|
||||||
* // the structure of mbedtls_ssl_session.
|
* // the structure of mbedtls_ssl_session.
|
||||||
*
|
*
|
||||||
* uint8_t minor_ver; // Protocol minor version. Possible values:
|
* uint8_t minor_ver; // Protocol minor version. Possible values:
|
||||||
* // - TLS 1.2 (3)
|
* // - TLS 1.2 (0x0303)
|
||||||
|
* // - TLS 1.3 (0x0304)
|
||||||
*
|
*
|
||||||
* select (serialized_session.tls_version) {
|
* select (serialized_session.tls_version) {
|
||||||
*
|
*
|
||||||
* case MBEDTLS_SSL_VERSION_TLS1_2:
|
* case MBEDTLS_SSL_VERSION_TLS1_2:
|
||||||
* serialized_session_tls12 data;
|
* serialized_session_tls12 data;
|
||||||
|
* case MBEDTLS_SSL_VERSION_TLS1_3:
|
||||||
|
* serialized_session_tls13 data;
|
||||||
*
|
*
|
||||||
* };
|
* };
|
||||||
*
|
*
|
||||||
|
@ -4004,7 +4021,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_abort( &handshake->fin_sha256_psa );
|
psa_hash_abort( &handshake->fin_sha256_psa );
|
||||||
#else
|
#else
|
||||||
mbedtls_sha256_free( &handshake->fin_sha256 );
|
mbedtls_sha256_free( &handshake->fin_sha256 );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
|
@ -4549,10 +4566,12 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
/* This has been allocated by ssl_handshake_init(), called by
|
/* This has been allocated by ssl_handshake_init(), called by
|
||||||
* by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
|
* by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
ssl->transform = ssl->transform_negotiate;
|
ssl->transform = ssl->transform_negotiate;
|
||||||
ssl->transform_in = ssl->transform;
|
ssl->transform_in = ssl->transform;
|
||||||
ssl->transform_out = ssl->transform;
|
ssl->transform_out = ssl->transform;
|
||||||
ssl->transform_negotiate = NULL;
|
ssl->transform_negotiate = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
|
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
|
||||||
|
@ -4788,11 +4807,14 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->handshake )
|
if( ssl->handshake )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_handshake_free( ssl );
|
mbedtls_ssl_handshake_free( ssl );
|
||||||
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
|
||||||
mbedtls_ssl_session_free( ssl->session_negotiate );
|
|
||||||
|
|
||||||
mbedtls_free( ssl->handshake );
|
mbedtls_free( ssl->handshake );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
||||||
mbedtls_free( ssl->transform_negotiate );
|
mbedtls_free( ssl->transform_negotiate );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
mbedtls_ssl_session_free( ssl->session_negotiate );
|
||||||
mbedtls_free( ssl->session_negotiate );
|
mbedtls_free( ssl->session_negotiate );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
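Review bot: In the serialized-session layout comment (the hunk at -3497), the field is still declared `uint8_t minor_ver`, but its listed values are now `0x0303` and `0x0304`, which do not fit in one byte. The `select` below it keys on `serialized_session.tls_version`, a name that does not appear among the visible fields. Anyone validating or parsing a saved session from this description cannot tell whether one or two bytes are stored for the version. The comment should either list the one-byte values or declare the field as `uint16_t tls_version;`; which of the two matches the serializer is outside the hunk.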
@ -2805,11 +2805,10 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
switch( ssl->state )
|
switch( ssl->state )
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
* ssl->state is initialized as HELLO_REQUEST. It is the same
|
|
||||||
* as CLIENT_HELLO state.
|
|
||||||
*/
|
|
||||||
case MBEDTLS_SSL_HELLO_REQUEST:
|
case MBEDTLS_SSL_HELLO_REQUEST:
|
||||||
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
|
||||||
|
break;
|
||||||
|
|
||||||
case MBEDTLS_SSL_CLIENT_HELLO:
|
case MBEDTLS_SSL_CLIENT_HELLO:
|
||||||
ret = mbedtls_ssl_write_client_hello( ssl );
|
ret = mbedtls_ssl_write_client_hello( ssl );
|
||||||
break;
|
break;
|
||||||
|
|
|
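Review bot: The new `MBEDTLS_SSL_HELLO_REQUEST` case only calls `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO )` and breaks, so the value returned for that step is whatever `ret` was initialised to, and that initialisation is above the hunk. If `ret` starts as an error sentinel, the first call to `mbedtls_ssl_tls13_handshake_client_step` would fail before any ClientHello is written. It should be confirmed to start at 0, or the case should set `ret = 0;` explicitly. The removed comment was also the only explanation of how the two states relate, so a one-line replacement such as `/* Initial state: advance to CLIENT_HELLO; the ClientHello is written on the next step. */` would help.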
@ -28,16 +28,14 @@
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
#include "mbedtls/platform.h"
|
#include "mbedtls/platform.h"
|
||||||
#include "mbedtls/constant_time.h"
|
#include "mbedtls/constant_time.h"
|
||||||
#include <string.h>
|
#include "psa/crypto.h"
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
|
||||||
#include "ssl_misc.h"
|
#include "ssl_misc.h"
|
||||||
#include "ssl_tls13_invasive.h"
|
#include "ssl_tls13_invasive.h"
|
||||||
#include "ssl_tls13_keys.h"
|
#include "ssl_tls13_keys.h"
|
||||||
#include "ssl_debug_helpers.h"
|
#include "ssl_debug_helpers.h"
|
||||||
|
|
||||||
#include "psa/crypto.h"
|
|
||||||
#include "mbedtls/psa_util.h"
|
|
||||||
|
|
||||||
const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
|
const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
|
||||||
MBEDTLS_SERVER_HELLO_RANDOM_LEN ] =
|
MBEDTLS_SERVER_HELLO_RANDOM_LEN ] =
|
||||||
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
||||||
|
|
|
@ -30,16 +30,6 @@
|
||||||
#include "ssl_tls13_keys.h"
|
#include "ssl_tls13_keys.h"
|
||||||
#include "ssl_debug_helpers.h"
|
#include "ssl_debug_helpers.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
|
||||||
#include "mbedtls/ecp.h"
|
|
||||||
#endif /* MBEDTLS_ECP_C */
|
|
||||||
|
|
||||||
#include "mbedtls/platform.h"
|
|
||||||
|
|
||||||
#include "ssl_misc.h"
|
|
||||||
#include "ssl_tls13_keys.h"
|
|
||||||
#include "ssl_debug_helpers.h"
|
|
||||||
|
|
||||||
|
|
||||||
static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
|
static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
|
||||||
mbedtls_ssl_context *ssl,
|
mbedtls_ssl_context *ssl,
|
||||||
|
|
|
@ -2090,6 +2090,8 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA"
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
run_test "TLS 1.3 opaque key: no suitable algorithm found" \
|
run_test "TLS 1.3 opaque key: no suitable algorithm found" \
|
||||||
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
|
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
|
||||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||||
|
@ -2103,6 +2105,8 @@ run_test "TLS 1.3 opaque key: no suitable algorithm found" \
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
run_test "TLS 1.3 opaque key: suitable algorithm found" \
|
run_test "TLS 1.3 opaque key: suitable algorithm found" \
|
||||||
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||||
|
@ -2111,11 +2115,13 @@ run_test "TLS 1.3 opaque key: suitable algorithm found" \
|
||||||
-c "key type: Opaque" \
|
-c "key type: Opaque" \
|
||||||
-s "key types: Opaque, Opaque" \
|
-s "key types: Opaque, Opaque" \
|
||||||
-C "error" \
|
-C "error" \
|
||||||
-S "error" \
|
-S "error"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
|
run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
|
||||||
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
|
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
|
||||||
"$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
|
"$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
|
||||||
|
@ -2130,6 +2136,8 @@ run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
|
run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
|
||||||
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||||
|
|