Merge branch 'development' into mbedtls_private_with_python
Conflicts:
include/mbedtls/ssl.h
Conflicts resolved by using code from development branch and
manually re-applying MBEDTLS_PRIVATE wrapping.
diff --git a/ChangeLog.d/aria-alt.txt b/ChangeLog.d/aria-alt.txt
new file mode 100644
index 0000000..20aaa2b
--- /dev/null
+++ b/ChangeLog.d/aria-alt.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
+ directive in a header and a missing initialization in the self-test.
+ * Fix a missing initialization in the Camellia self-test, affecting
+ MBEDTLS_CAMELLIA_ALT implementations.
diff --git a/ChangeLog.d/issue4286.txt b/ChangeLog.d/issue4286.txt
new file mode 100644
index 0000000..68eb667
--- /dev/null
+++ b/ChangeLog.d/issue4286.txt
@@ -0,0 +1,11 @@
+Removals
+ * Remove the TLS 1.0, TLS 1.1 and DTLS 1.0 support by removing the following
+ deprecated library constants: MBEDTLS_SSL_PROTO_TLS1,
+ MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING,
+ MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED,
+ MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_RECORD_CHECKING,
+ MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE,
+ MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK, and functions:
+ mbedtls_ssl_conf_cbc_record_splitting(),
+ mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback().
+ Fixes #4286.
diff --git a/ChangeLog.d/issue4403.txt b/ChangeLog.d/issue4403.txt
new file mode 100644
index 0000000..08ac60e
--- /dev/null
+++ b/ChangeLog.d/issue4403.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403.
diff --git a/ChangeLog.d/psa-without-genprime-fix.txt b/ChangeLog.d/psa-without-genprime-fix.txt
new file mode 100644
index 0000000..8a7153a
--- /dev/null
+++ b/ChangeLog.d/psa-without-genprime-fix.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Restore the ability to configure PSA via Mbed TLS options to support RSA
+ key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
+ is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
+ Fixes #4512.
diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt
new file mode 100644
index 0000000..854dda3
--- /dev/null
+++ b/ChangeLog.d/remove-rsa-mode-parameter.txt
@@ -0,0 +1,9 @@
+Removals
+ * The RSA module no longer supports private-key operations with the public
+ key and vice versa.
+API changes
+ * Remove the mode parameter from RSA operation functions. Signature and
+ decryption functions now always use the private key and verification and
+ encryption use the public key. Verification functions also no longer have
+ RNG parameters.
+ * The RNG is now mandatory for all private-key RSA operations.
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
deleted file mode 100644
index 83d1ab7..0000000
--- a/configs/config-mini-tls1_1.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * \file config-mini-tls1_1.h
- *
- * \brief Minimal configuration for TLS 1.1 (RFC 4346)
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
- * required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *
- * See README.txt for usage instructions.
- */
-
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-/* System support */
-#define MBEDTLS_HAVE_ASM
-#define MBEDTLS_HAVE_TIME
-
-/* mbed TLS feature support */
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#define MBEDTLS_SSL_PROTO_TLS1_1
-
-/* mbed TLS modules */
-#define MBEDTLS_AES_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_DES_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_MD_C
-#define MBEDTLS_MD5_C
-#define MBEDTLS_NET_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_RSA_C
-#define MBEDTLS_SHA1_C
-/* The library does not currently support enabling SHA-224 without SHA-256.
- * A future version of the library will have this option disabled
- * by default. */
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_USE_C
-
-/* For test certificates */
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_PEM_PARSE_C
-
-/* For testing with compat.sh */
-#define MBEDTLS_FS_IO
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
new file mode 100644
index 0000000..e400650
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
@@ -0,0 +1,29 @@
+Remove the mode parameter from RSA functions
+--------------------------------------------
+
+This affects all users who use the RSA encryption, decryption, sign and
+verify APIs.
+
+The RSA module no longer supports private-key operations with the public key or
+vice versa. As a consequence, RSA operation functions no longer have a mode
+parameter. If you were calling RSA operations with the normal mode (public key
+for verification or encryption, private key for signature or decryption), remove
+the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling
+RSA operations with the wrong mode, which rarely makes sense from a security
+perspective, this is no longer supported.
+
+Remove the RNG parameter from RSA verify functions
+--------------------------------------------------
+
+RSA verification functions also no longer take random generator arguments (this
+was only needed when using a private key). This affects all applications using
+the RSA verify functions.
+
+RNG is now mandatory in all RSA private key operations
+------------------------------------------------------
+
+The random generator is now mandatory for blinding in all RSA private-key
+operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`,
+`mbedtls_rsa_xxx_decrypt`) as well as for encryption
+(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer
+supported.
diff --git a/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md b/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
new file mode 100644
index 0000000..f81bdad
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
@@ -0,0 +1,11 @@
+Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
+-------------------------------------------
+
+This change does not affect users who used the default `config.h`, as the option
+MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default.
+
+This option was a trade-off between functionality and code size: it allowed
+users who didn't need that feature to avoid paying the cost in code size, by
+disabling it.
+
+This option is no longer present, but its functionality is now always enabled.
diff --git a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md
new file mode 100644
index 0000000..4beebe2
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md
@@ -0,0 +1,11 @@
+Remove suport for TLS 1.0, 1.1 and DTLS 1.0
+-------------------------------------------
+
+This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols.
+
+The versions of (D)TLS that are being removed are not as secure as the latest
+versions. Keeping them in the library creates opportunities for misconfiguration
+and possibly downgrade attacks. More generally, more code means a larger attack
+surface, even if the code is supposedly not used.
+
+The migration path is to adopt the latest versions of the protocol.
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index cd15c70..854aa69 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -52,14 +52,14 @@
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
-#if !defined(MBEDTLS_ARIA_ALT)
-// Regular implementation
-//
-
#ifdef __cplusplus
extern "C" {
#endif
+#if !defined(MBEDTLS_ARIA_ALT)
+// Regular implementation
+//
+
/**
* \brief The ARIA context-type definition.
*/
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 7cb6967..ae23602 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -621,16 +621,6 @@
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
- !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) || \
- !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
@@ -641,8 +631,7 @@
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
#endif
-#if (defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) ||\
- defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
@@ -659,7 +648,6 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
#endif
@@ -677,16 +665,10 @@
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_TLS1) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1_2))
+#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
-#error "Illegal protocol selection"
-#endif
-
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
#endif
@@ -718,21 +700,12 @@
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
#endif
@@ -741,10 +714,6 @@
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && !defined(MBEDTLS_SSL_PROTO_TLS1)
-#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
!defined(MBEDTLS_X509_CRT_PARSE_C)
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
@@ -859,6 +828,13 @@
#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) //no-check-names
+#error "MBEDTLS_SSL_PROTO_TLS1 (TLS v1.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) //no-check-names
+#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
+#endif
/*
* Avoid warning from -pedantic. This is a convenient place for this
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2c6ae3d..1014091 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1530,9 +1530,7 @@
*
* This only affects CBC ciphersuites, and is useless if none is defined.
*
- * Requires: MBEDTLS_SSL_PROTO_TLS1 or
- * MBEDTLS_SSL_PROTO_TLS1_1 or
- * MBEDTLS_SSL_PROTO_TLS1_2
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
@@ -1548,33 +1546,13 @@
* renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake.
*
- * Requires: MBEDTLS_SSL_PROTO_TLS1 or
- * MBEDTLS_SSL_PROTO_TLS1_1 or
- * MBEDTLS_SSL_PROTO_TLS1_2
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Extended Master Secret.
*/
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
/**
- * \def MBEDTLS_SSL_FALLBACK_SCSV
- *
- * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
- * for Preventing Protocol Downgrade Attacks.
- *
- * For servers, it is recommended to always enable this, unless you support
- * only one version of TLS, or know for sure that none of your clients
- * implements a fallback strategy.
- *
- * For clients, you only need this if you're using a fallback strategy, which
- * is not recommended in the first place, unless you absolutely need it to
- * interoperate with buggy (version-intolerant) servers.
- *
- * Comment this macro to disable support for FALLBACK_SCSV
- */
-#define MBEDTLS_SSL_FALLBACK_SCSV
-
-/**
* \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
*
* This option controls the availability of the API mbedtls_ssl_get_peer_cert()
@@ -1597,18 +1575,6 @@
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
/**
- * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
- *
- * Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
- *
- * This is a countermeasure to the BEAST attack, which also minimizes the risk
- * of interoperability issues compared to sending 0-length records.
- *
- * Comment this macro to disable 1/n-1 record splitting.
- */
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
-
-/**
* \def MBEDTLS_SSL_RENEGOTIATION
*
* Enable support for TLS renegotiation.
@@ -1650,30 +1616,6 @@
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/**
- * \def MBEDTLS_SSL_PROTO_TLS1
- *
- * Enable support for TLS 1.0.
- *
- * Requires: MBEDTLS_MD5_C
- * MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_1
- *
- * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
- *
- * Requires: MBEDTLS_MD5_C
- * MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1_1
-
-/**
* \def MBEDTLS_SSL_PROTO_TLS1_2
*
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
@@ -1709,11 +1651,9 @@
*
* Enable support for DTLS (all available versions).
*
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
- * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
*
- * Requires: MBEDTLS_SSL_PROTO_TLS1_1
- * or MBEDTLS_SSL_PROTO_TLS1_2
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for DTLS
*/
@@ -1809,17 +1749,6 @@
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
/**
- * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
- *
- * Enable support for a limit of records with bad MAC.
- *
- * See mbedtls_ssl_conf_dtls_badmac_limit().
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-
-/**
* \def MBEDTLS_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL.
@@ -2738,10 +2667,9 @@
* library/pem.c
* library/ssl_tls.c
*
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
+ * This module is required for TLS 1.2 depending on the handshake parameters.
+ * Further, it is used for checking MD5-signed certificates, and for PBKDF1
+ * when decrypting PEM-encoded encrypted keys.
*
* \warning MD5 is considered a weak message digest and its use constitutes a
* security risk. If possible, we recommend avoiding dependencies on
@@ -3061,8 +2989,8 @@
* library/ssl_tls.c
* library/x509write_crt.c
*
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
+ * This module is required for TLS 1.2 depending on the handshake parameters,
+ * and for SHA1-signed certificates.
*
* \warning SHA-1 is considered a weak message digest and its use constitutes
* a security risk. If possible, we recommend avoiding dependencies
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 6f88db4..85bf7c9 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -235,7 +235,7 @@
size_t output_max_len );
typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+ mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 945050c..08db213 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -58,8 +58,6 @@
/*
* RSA constants
*/
-#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */
-#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */
#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */
#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */
@@ -424,7 +422,7 @@
*
* \param ctx The initialized RSA context used to hold the key.
* \param f_rng The RNG function to be used for key generation.
- * This must not be \c NULL.
+ * This is mandatory and must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng.
* This may be \c NULL if \p f_rng doesn't need a context.
* \param nbits The size of the public key in bits.
@@ -545,11 +543,9 @@
* of a PRNG.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function, used for blinding. It is discouraged
- * and deprecated to pass \c NULL here, in which case
- * blinding will be omitted.
+ * \param f_rng The RNG function, used for blinding. It is mandatory.
* \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
- * if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
+ * if \p f_rng doesn't need a context.
* \param input The input buffer. This must be a readable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -572,29 +568,13 @@
* operation.
*
* It is the generic wrapper for performing a PKCS#1 encryption
- * operation using the \p mode from the context.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
+ * operation.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
- * encoding, and for PKCS#1 v1.5 padding encoding when used
- * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
- * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
- * it is used for blinding and should be provided in this
- * case; see mbedtls_rsa_private() for more.
+ * \param f_rng The RNG to use. It is used for padding generation
+ * and it is mandatory.
* \param p_rng The RNG context to be passed to \p f_rng. May be
- * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
- * need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
+ * \c NULL if \p f_rng doesn't need a context argument.
* \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if
@@ -609,7 +589,7 @@
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output );
@@ -617,25 +597,11 @@
* \brief This function performs a PKCS#1 v1.5 encryption operation
* (RSAES-PKCS1-v1_5-ENCRYPT).
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. It is needed for padding generation
- * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
- * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
- * blinding and should be provided; see mbedtls_rsa_private().
+ * \param f_rng The RNG function to use. It is mandatory and used for
+ * padding generation.
* \param p_rng The RNG context to be passed to \p f_rng. This may
- * be \c NULL if \p f_rng is \c NULL or if \p f_rng
- * doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
+ * be \c NULL if \p f_rng doesn't need a context argument.
* \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if
@@ -650,7 +616,7 @@
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output );
@@ -661,22 +627,11 @@
* \note The output buffer must be as large as the size
* of ctx->N. For example, 128 Bytes if RSA-1024 is used.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initnialized RSA context to use.
* \param f_rng The RNG function to use. This is needed for padding
- * generation and must be provided.
+ * generation and is mandatory.
* \param p_rng The RNG context to be passed to \p f_rng. This may
* be \c NULL if \p f_rng doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param label The buffer holding the custom label to use.
* This must be a readable buffer of length \p label_len
* Bytes. It may be \c NULL if \p label_len is \c 0.
@@ -695,7 +650,6 @@
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
const unsigned char *label, size_t label_len,
size_t ilen,
const unsigned char *input,
@@ -716,10 +670,10 @@
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and should
- * be provided; see mbedtls_rsa_private() for more.
+ * \param f_rng The RNG function. This is used for blinding and is
+ * mandatory; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \c NULL if \p f_rng doesn't need a context.
* \param olen The address at which to store the length of
* the plaintext. This must not be \c NULL.
* \param input The ciphertext buffer. This must be a readable buffer
@@ -752,10 +706,10 @@
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and should
- * be provided; see mbedtls_rsa_private() for more.
+ * \param f_rng The RNG function. This is used for blinding and is
+ * mandatory; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \c NULL if \p f_rng doesn't need a context.
* \param olen The address at which to store the length of
* the plaintext. This must not be \c NULL.
* \param input The ciphertext buffer. This must be a readable buffer
@@ -790,10 +744,10 @@
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. This is used for blinding and should
- * be provided; see mbedtls_rsa_private() for more.
+ * \param f_rng The RNG function. This is used for blinding and is
+ * mandatory.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \c NULL if \p f_rng doesn't need a context.
* \param label The buffer holding the custom label to use.
* This must be a readable buffer of length \p label_len
* Bytes. It may be \c NULL if \p label_len is \c 0.
@@ -824,7 +778,7 @@
* a message digest using PKCS#1.
*
* It is the generic wrapper for performing a PKCS#1
- * signature using the \p mode from the context.
+ * signature.
*
* \note The \p sig buffer must be as large as the size
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
@@ -833,25 +787,11 @@
* mbedtls_rsa_rsassa_pss_sign() for details on
* \p md_alg and \p hash_id.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
- * this must be provided. If the padding mode is PKCS#1 v1.5 and
- * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
- * and should be provided; see mbedtls_rsa_private() for more
- * more. It is ignored otherwise.
+ * \param f_rng The RNG function to use. This is mandatory and
+ * must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng is \c NULL or doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
+ * if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -872,7 +812,6 @@
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -882,24 +821,11 @@
* \brief This function performs a PKCS#1 v1.5 signature
* operation (RSASSA-PKCS1-v1_5-SIGN).
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
- * this is used for blinding and should be provided; see
- * mbedtls_rsa_private() for more. If \p mode is
- * #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param f_rng The RNG function. This is used for blinding and is
+ * mandatory; see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
- * if \p f_rng is \c NULL or doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
+ * if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -920,7 +846,6 @@
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -945,7 +870,7 @@
* #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It must not be \c NULL.
+ * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
@@ -1000,21 +925,10 @@
* the key size in bytes), this function returns
* #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function. It must not be \c NULL.
+ * \param f_rng The RNG function. It is mandatory and must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
* if \p f_rng doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -1035,7 +949,6 @@
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -1046,29 +959,13 @@
* the message digest.
*
* This is the generic wrapper for performing a PKCS#1
- * verification using the mode from the context.
+ * verification.
*
* \note For PKCS#1 v2.1 encoding, see comments on
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
* \p hash_id.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA public key context to use.
- * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- * this is used for blinding and should be provided; see
- * mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -1086,9 +983,6 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -1098,23 +992,7 @@
* \brief This function performs a PKCS#1 v1.5 verification
* operation (RSASSA-PKCS1-v1_5-VERIFY).
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA public key context to use.
- * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- * this is used for blinding and should be provided; see
- * mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -1132,9 +1010,6 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -1155,23 +1030,7 @@
* same. If \p hash_id in the RSA context is unset,
* the \p md_alg from the function call is used.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA public key context to use.
- * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- * this is used for blinding and should be provided; see
- * mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -1189,9 +1048,6 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -1210,13 +1066,6 @@
* \note The \p hash_id in the RSA context is ignored.
*
* \param ctx The initialized RSA public key context to use.
- * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- * this is used for blinding and should be provided; see
- * mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -1237,9 +1086,6 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e6a3ff5..1830b84 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -132,8 +132,8 @@
* - RFC 8446: see section 4.2.1
*/
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
-#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
-#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
+#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 deprecated */
+#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 deprecated */
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
@@ -157,9 +157,6 @@
#define MBEDTLS_SSL_IS_CLIENT 0
#define MBEDTLS_SSL_IS_SERVER 1
-#define MBEDTLS_SSL_IS_NOT_FALLBACK 0
-#define MBEDTLS_SSL_IS_FALLBACK 1
-
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
@@ -199,9 +196,6 @@
#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
-
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2
@@ -283,7 +277,6 @@
* Signaling ciphersuite values (SCSV)
*/
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
-#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */
/*
* Supported Signature and Hash algorithms (For TLS 1.2)
@@ -1159,9 +1152,7 @@
that triggers renegotiation */
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
-#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
@@ -1193,9 +1184,6 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- unsigned int MBEDTLS_PRIVATE(cbc_record_splitting) : 1; /*!< do cbc record splitting */
-#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
@@ -1205,9 +1193,6 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int MBEDTLS_PRIVATE(fallback) : 1; /*!< is this a fallback? */
-#endif
#if defined(MBEDTLS_SSL_SRV_C)
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
@@ -1240,10 +1225,7 @@
int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
@@ -1357,10 +1339,6 @@
uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- signed char MBEDTLS_PRIVATE(split_done); /*!< current record already splitted? */
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
/*
* PKI layer
*/
@@ -2279,7 +2257,6 @@
void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
/**
* \brief Set a limit on the number of records with a bad MAC
* before terminating the connection.
@@ -2304,7 +2281,6 @@
* many bogus packets.
*/
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2599,12 +2575,10 @@
* \param ciphersuites 0-terminated list of allowed ciphersuites
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
* supported)
- * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
- * MBEDTLS_SSL_MINOR_VERSION_2,
- * MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3
+ * supported)
*
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
- * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
const int *ciphersuites,
@@ -3254,8 +3228,7 @@
*
* \note This ignores ciphersuites from higher versions.
*
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
- * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*
* \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
@@ -3266,13 +3239,12 @@
/**
* \brief Set the minimum accepted SSL/TLS protocol version
- * (Default: TLS 1.0)
+ * (Default: TLS 1.2)
*
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored.
*
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
- * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*
* \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
@@ -3282,29 +3254,6 @@
*/
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Set the fallback flag (client-side only).
- * (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
- *
- * \note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
- * connection, that is a connection with max_version set to a
- * lower value than the value you're willing to use. Such
- * fallback connections are not recommended but are sometimes
- * necessary to interoperate with buggy (version-intolerant)
- * servers.
- *
- * \warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
- * non-fallback connections! This would appear to work for a
- * while, then cause failures when the server is upgraded to
- * support a newer TLS version.
- *
- * \param conf SSL configuration
- * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
- */
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
/**
* \brief Enable or disable Encrypt-then-MAC
@@ -3399,21 +3348,6 @@
void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-/**
- * \brief Enable / Disable 1/n-1 record splitting
- * (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
- *
- * \note Only affects TLS 1.0, not higher versions.
- * Does not affect non-CBC ciphersuites in any version.
- *
- * \param conf SSL configuration
- * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
- * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
- */
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
/**
* \brief Enable / Disable session tickets (client only).
diff --git a/library/aria.c b/library/aria.c
index 1875635..a5786b3 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -921,7 +921,7 @@
{ \
if( verbose ) \
mbedtls_printf( "failed\n" ); \
- return( 1 ); \
+ goto exit; \
} else { \
if( verbose ) \
mbedtls_printf( "passed\n" ); \
@@ -935,6 +935,7 @@
int i;
uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
+ int ret = 1;
#if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR))
size_t j;
@@ -946,6 +947,8 @@
uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
#endif
+ mbedtls_aria_init( &ctx );
+
/*
* Test set 1
*/
@@ -1065,7 +1068,11 @@
mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
- return( 0 );
+ ret = 0;
+
+exit:
+ mbedtls_aria_free( &ctx );
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/camellia.c b/library/camellia.c
index d60f931..f7e0136 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -942,9 +942,11 @@
unsigned char nonce_counter[16];
unsigned char stream_block[16];
#endif
+ int ret = 1;
mbedtls_camellia_context ctx;
+ mbedtls_camellia_init( &ctx );
memset( key, 0, 32 );
for( j = 0; j < 6; j++ ) {
@@ -974,8 +976,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
@@ -1027,8 +1028,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
@@ -1071,8 +1071,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
else
@@ -1087,8 +1086,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
@@ -1100,7 +1098,11 @@
mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
- return( 0 );
+ ret = 0;
+
+exit:
+ mbedtls_camellia_free( &ctx );
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/pk.c b/library/pk.c
index 6d29663..06021e2 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -367,11 +367,10 @@
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
- NULL, NULL, MBEDTLS_RSA_PUBLIC,
- md_alg, (unsigned int) hash_len, hash,
- pss_opts->mgf1_hash_id,
- pss_opts->expected_salt_len,
- sig );
+ md_alg, (unsigned int) hash_len, hash,
+ pss_opts->mgf1_hash_id,
+ pss_opts->expected_salt_len,
+ sig );
if( ret != 0 )
return( ret );
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 8e4f251..c351113 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -90,9 +90,9 @@
if( sig_len < rsa_len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
- MBEDTLS_RSA_PUBLIC, md_alg,
- (unsigned int) hash_len, hash, sig ) ) != 0 )
+ if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg,
+ (unsigned int) hash_len,
+ hash, sig ) ) != 0 )
return( ret );
/* The buffer contains a valid signature followed by extra data.
@@ -120,8 +120,9 @@
*sig_len = mbedtls_rsa_get_len( rsa );
- return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
- md_alg, (unsigned int) hash_len, hash, sig ) );
+ return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng,
+ md_alg, (unsigned int) hash_len,
+ hash, sig ) );
}
static int rsa_decrypt_wrap( void *ctx,
@@ -149,7 +150,7 @@
if( *olen > osize )
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
- return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
+ return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
ilen, input, output ) );
}
@@ -770,7 +771,7 @@
if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+ return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng,
md_alg, (unsigned int) hash_len, hash, sig ) );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bc7cf3c..3fe2a88 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2918,7 +2918,6 @@
mbedtls_rsa_pkcs1_encrypt( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
input_length,
input,
output ) );
@@ -2933,7 +2932,6 @@
mbedtls_rsa_rsaes_oaep_encrypt( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
salt, salt_length,
input_length,
input,
@@ -4820,7 +4818,8 @@
}
else
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
return( mbedtls_psa_rsa_generate_key( attributes,
@@ -4829,7 +4828,8 @@
key_buffer_length ) );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 686f07d..b5aec20 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -274,7 +274,8 @@
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
@@ -332,7 +333,8 @@
return( status );
}
-#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
/****************************************************************/
/* Sign/verify hashes */
@@ -419,7 +421,6 @@
ret = mbedtls_rsa_pkcs1_sign( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
md_alg,
(unsigned int) hash_length,
hash,
@@ -434,7 +435,6 @@
ret = mbedtls_rsa_rsassa_pss_sign( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
MBEDTLS_MD_NONE,
(unsigned int) hash_length,
hash,
@@ -492,9 +492,6 @@
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
MBEDTLS_MD_NONE );
ret = mbedtls_rsa_pkcs1_verify( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
md_alg,
(unsigned int) hash_length,
hash,
@@ -507,9 +504,6 @@
{
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_NONE,
(unsigned int) hash_length,
hash,
@@ -565,7 +559,8 @@
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
@@ -573,7 +568,8 @@
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
diff --git a/library/rsa.c b/library/rsa.c
index 6761fbd..36424bd 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1156,7 +1156,6 @@
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
const unsigned char *label, size_t label_len,
size_t ilen,
const unsigned char *input,
@@ -1170,15 +1169,10 @@
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1232,9 +1226,7 @@
if( ret != 0 )
return( ret );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return( mbedtls_rsa_public( ctx, output, output ) );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -1244,8 +1236,7 @@
*/
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
+ void *p_rng, size_t ilen,
const unsigned char *input,
unsigned char *output )
{
@@ -1254,14 +1245,9 @@
unsigned char *p = output;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
olen = ctx->len;
/* first comparison checks for overflow */
@@ -1271,43 +1257,32 @@
nb_pad = olen - 3 - ilen;
*p++ = 0;
- if( mode == MBEDTLS_RSA_PUBLIC )
+
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ *p++ = MBEDTLS_RSA_CRYPT;
+
+ while( nb_pad-- > 0 )
{
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ int rng_dl = 100;
- *p++ = MBEDTLS_RSA_CRYPT;
+ do {
+ ret = f_rng( p_rng, p, 1 );
+ } while( *p == 0 && --rng_dl && ret == 0 );
- while( nb_pad-- > 0 )
- {
- int rng_dl = 100;
+ /* Check if RNG failed to generate data */
+ if( rng_dl == 0 || ret != 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
- do {
- ret = f_rng( p_rng, p, 1 );
- } while( *p == 0 && --rng_dl && ret == 0 );
-
- /* Check if RNG failed to generate data */
- if( rng_dl == 0 || ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
-
- p++;
- }
- }
- else
- {
- *p++ = MBEDTLS_RSA_SIGN;
-
- while( nb_pad-- > 0 )
- *p++ = 0xFF;
+ p++;
}
*p++ = 0;
if( ilen != 0 )
memcpy( p, input, ilen );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return( mbedtls_rsa_public( ctx, output, output ) );
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -1317,13 +1292,11 @@
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
@@ -1331,14 +1304,14 @@
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
- input, output );
+ return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng,
+ ilen, input, output );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
- ilen, input, output );
+ return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0,
+ ilen, input, output );
#endif
default:
@@ -1771,7 +1744,6 @@
static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -1787,14 +1759,12 @@
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
+ if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( f_rng == NULL )
@@ -1895,9 +1865,7 @@
if( ret != 0 )
return( ret );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, sig )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
+ return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig );
}
/*
@@ -1913,7 +1881,7 @@
int saltlen,
unsigned char *sig )
{
- return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
+ return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
hashlen, hash, saltlen, sig );
}
@@ -1924,13 +1892,12 @@
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
{
- return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
+ return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -2076,7 +2043,6 @@
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2086,14 +2052,12 @@
unsigned char *sig_try = NULL, *verif = NULL;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+ if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/*
@@ -2104,16 +2068,6 @@
ctx->len, sig ) ) != 0 )
return( ret );
- /*
- * Call respective RSA primitive
- */
-
- if( mode == MBEDTLS_RSA_PUBLIC )
- {
- /* Skip verification on a public key operation */
- return( mbedtls_rsa_public( ctx, sig, sig ) );
- }
-
/* Private key operation
*
* In order to prevent Lenstra's attack, make the signature in a
@@ -2156,15 +2110,12 @@
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
@@ -2174,14 +2125,14 @@
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng,
+ md_alg, hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
+ hashlen, hash, sig );
#endif
default:
@@ -2194,9 +2145,6 @@
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2217,24 +2165,17 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
siglen = ctx->len;
if( siglen < 16 || siglen > sizeof( buf ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
+ ret = mbedtls_rsa_public( ctx, sig, buf );
if( ret != 0 )
return( ret );
@@ -2344,9 +2285,6 @@
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2354,8 +2292,6 @@
{
mbedtls_md_type_t mgf1_hash_id;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
@@ -2365,10 +2301,11 @@
? (mbedtls_md_type_t) ctx->hash_id
: md_alg;
- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash,
- mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
- sig ) );
+ return( mbedtls_rsa_rsassa_pss_verify_ext( ctx,
+ md_alg, hashlen, hash,
+ mgf1_hash_id,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ sig ) );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -2378,9 +2315,6 @@
* Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
*/
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2391,8 +2325,6 @@
unsigned char *encoded = NULL, *encoded_expected = NULL;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
@@ -2400,9 +2332,6 @@
sig_len = ctx->len;
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
/*
* Prepare expected PKCS1 v1.5 encoding of hash.
*/
@@ -2422,9 +2351,7 @@
* Apply RSA primitive to get what should be PKCS1 encoded hash.
*/
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, encoded )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded );
+ ret = mbedtls_rsa_public( ctx, sig, encoded );
if( ret != 0 )
goto cleanup;
@@ -2461,17 +2388,12 @@
* Do an RSA operation and check the message digest
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
@@ -2481,14 +2403,14 @@
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
+ hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
+ hashlen, hash, sig );
#endif
default:
@@ -2691,7 +2613,7 @@
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
- if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
+ if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL,
PT_LEN, rsa_plaintext,
rsa_ciphertext ) != 0 )
{
@@ -2741,7 +2663,7 @@
}
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
- MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
+ MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
@@ -2754,8 +2676,7 @@
if( verbose != 0 )
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
- if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
- MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
+ if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0bb9592..6cf283e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1206,19 +1206,6 @@
n++;
}
- /* Some versions of OpenSSL don't handle it correctly if not at end */
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
- *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE );
- n++;
- }
-#endif
-
*q++ = (unsigned char)( n >> 7 );
*q++ = (unsigned char)( n << 1 );
@@ -2843,8 +2830,7 @@
return( ret );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( len_bytes == 2 )
{
ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
@@ -3238,17 +3224,6 @@
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
-
- /* Default hash for ECDSA is SHA-1 */
- if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
- md_alg = MBEDTLS_MD_SHA1;
- }
- else
-#endif
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3285,19 +3260,7 @@
/*
* Compute the hash that has been signed
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( md_alg == MBEDTLS_MD_NONE )
- {
- hashlen = 36;
- ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params,
- params_len );
- if( ret != 0 )
- return( ret );
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@@ -3307,8 +3270,7 @@
return( ret );
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -4113,35 +4075,6 @@
ssl->handshake->calc_verify( ssl, hash, &hashlen );
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /*
- * digitally-signed struct {
- * opaque md5_hash[16];
- * opaque sha_hash[20];
- * };
- *
- * md5_hash
- * MD5(handshake_messages);
- *
- * sha_hash
- * SHA(handshake_messages);
- */
- md_alg = MBEDTLS_MD_NONE;
-
- /*
- * For ECDSA, default hash is SHA-1 only
- */
- if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
- {
- hash_start += 16;
- hashlen -= 16;
- md_alg = MBEDTLS_MD_SHA1;
- }
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index b0b2eb3..40b8913 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -41,8 +41,7 @@
/*
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
- * available. Try SHA-256 first, 512 wastes resources since we need to stay
- * with max 32 bytes of cookie for DTLS 1.0
+ * available. Try SHA-256 first, 512 wastes resources
*/
#if defined(MBEDTLS_SHA224_C)
#define COOKIE_MD MBEDTLS_MD_SHA224
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 180f4d8..1f1de2b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -68,19 +68,11 @@
/* Determine minimum supported version */
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
-#else
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1 */
-#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
/* Determine maximum supported version */
@@ -88,15 +80,6 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
-#else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Shorthand for restartable ECC */
@@ -130,13 +113,7 @@
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* This macro determines whether CBC is supported. */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
@@ -153,11 +130,9 @@
#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
#endif
-/* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
+/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
- ( defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
#endif
@@ -166,7 +141,7 @@
#define MBEDTLS_SSL_SOME_SUITES_USE_MAC
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* Ciphersuites using HMAC */
@@ -550,10 +525,6 @@
/*
* Checksum contexts
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_context fin_md5;
- mbedtls_sha1_context fin_sha1;
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1202,21 +1173,13 @@
return( diff );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
- unsigned char *output,
- unsigned char *data, size_t data_len );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len,
mbedtls_md_type_t md_alg );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#ifdef __cplusplus
}
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 609aa98..ff628b9 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -519,9 +519,9 @@
#endif
/* The PRNG is used for dynamic IV generation that's used
- * for CBC transformations in TLS 1.1 and TLS 1.2. */
+ * for CBC transformations in TLS 1.2. */
#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
- ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) )
((void) f_rng);
((void) p_rng);
#endif
@@ -644,8 +644,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
@@ -835,12 +834,12 @@
rec->data_len += padlen + 1;
post_avail -= padlen + 1;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
- * Prepend per-record IV for block cipher in TLS v1.1 and up as per
+ * Prepend per-record IV for block cipher in TLS v1.2 as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
{
if( f_rng == NULL )
{
@@ -865,7 +864,7 @@
transform->ivlen );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %" MBEDTLS_PRINTF_SIZET
@@ -889,22 +888,9 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- /*
- * Save IV in TLS1
- */
- memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
- transform->ivlen );
- }
- else
-#endif
- {
- data -= transform->ivlen;
- rec->data_offset -= transform->ivlen;
- rec->data_len += transform->ivlen;
- }
+ data -= transform->ivlen;
+ rec->data_offset -= transform->ivlen;
+ rec->data_len += transform->ivlen;
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( auth_done == 0 )
@@ -1381,8 +1367,8 @@
/*
* Check immediate ciphertext sanity
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
{
/* The ciphertext is prefixed with the CBC IV. */
minlen += transform->ivlen;
@@ -1487,11 +1473,11 @@
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
- * Initialize for prepended IV for block cipher in TLS v1.1 and up
+ * Initialize for prepended IV for block cipher in TLS v1.2
*/
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
{
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
memcpy( transform->iv_dec, data, transform->ivlen );
@@ -1500,7 +1486,7 @@
rec->data_offset += transform->ivlen;
rec->data_len -= transform->ivlen;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
@@ -1519,20 +1505,6 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- /*
- * Save IV in TLS1, where CBC decryption of consecutive
- * records is equivalent to CBC decryption of the concatenation
- * of the records; in other words, IVs are maintained across
- * record decryptions.
- */
- memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
- transform->ivlen );
- }
-#endif
-
/* Safe since data_len >= minlen + maclen + 1, so after having
* subtracted at most minlen and maclen up to this point,
* data_len > 0 (because of data_len % ivlen == 0, it's actually
@@ -1573,8 +1545,7 @@
/* Regardless of the validity of the padding,
* we have data_len >= padlen here. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* The padding check involves a series of up to 256
* consecutive memory reads at the end of the record
* plaintext buffer. In order to hide the length and
@@ -1609,8 +1580,7 @@
#endif
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* If the padding was found to be invalid, padlen == 0
* and the subtraction is safe. If the padding was found valid,
@@ -1657,8 +1627,7 @@
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver );
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* The next two sizes are the minimum and maximum values of
* data_len over all padlen values.
@@ -1686,8 +1655,7 @@
rec->data_len,
min_len, max_len,
transform->maclen );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
@@ -4531,14 +4499,12 @@
return( ret );
}
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( ssl->conf->badmac_limit != 0 &&
++ssl->badmac_seen >= ssl->conf->badmac_limit )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
-#endif
/* As above, invalid records cause
* dismissal of the whole datagram. */
@@ -4843,7 +4809,7 @@
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
return( 0 );
return( transform->ivlen - transform->fixed_ivlen );
@@ -5056,12 +5022,12 @@
* more than the block size of the underlying cipher. */
transform_expansion += block_size;
- /* For TLS 1.1 or higher, an explicit IV is added
+ /* For TLS 1.2 or higher, an explicit IV is added
* after the record header. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
transform_expansion += block_size;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
break;
@@ -5201,8 +5167,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
@@ -5213,8 +5178,7 @@
}
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -5510,44 +5474,6 @@
}
/*
- * Write application data, doing 1/n-1 splitting if necessary.
- *
- * With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
- * then the caller will call us again with the same arguments, so
- * remember whether we already did the split or not.
- */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-static int ssl_write_split( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( ssl->conf->cbc_record_splitting ==
- MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
- len <= 1 ||
- ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
- mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
- != MBEDTLS_MODE_CBC )
- {
- return( ssl_write_real( ssl, buf, len ) );
- }
-
- if( ssl->split_done == 0 )
- {
- if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
- return( ret );
- ssl->split_done = 1;
- }
-
- if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
- return( ret );
- ssl->split_done = 0;
-
- return( ret + 1 );
-}
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
-/*
* Write application data (public-facing wrapper)
*/
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
@@ -5576,11 +5502,7 @@
}
}
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- ret = ssl_write_split( ssl, buf, len );
-#else
ret = ssl_write_real( ssl, buf, len );
-#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 73b79da..8f13a2c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1781,29 +1781,6 @@
ext += 4 + ext_size;
}
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
- {
- if( p[0] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
- p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) & 0xff ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) );
-
- if( ssl->minor_ver < ssl->conf->max_minor_ver )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
-
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
-
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- break;
- }
- }
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -3171,11 +3148,8 @@
/*
* 2.1: Choose hash algorithm:
- * A: For TLS 1.2, obey signature-hash-algorithm extension
- * to choose appropriate hash.
- * B: For TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
- * (RFC 4492, Sec. 5.4)
- * C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
+ * For TLS 1.2, obey signature-hash-algorithm extension
+ * to choose appropriate hash.
*/
mbedtls_md_type_t md_alg;
@@ -3185,7 +3159,7 @@
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- /* A: For TLS 1.2, obey signature-hash-algorithm extension
+ /* For TLS 1.2, obey signature-hash-algorithm extension
* (RFC 5246, Sec. 7.4.1.4.1). */
if( sig_alg == MBEDTLS_PK_NONE ||
( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
@@ -3198,39 +3172,18 @@
}
}
else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
- /* B: Default hash SHA1 */
- md_alg = MBEDTLS_MD_SHA1;
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
- {
- /* C: MD5 + SHA1 */
- md_alg = MBEDTLS_MD_NONE;
- }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
/*
* 2.2: Compute the hash to be signed
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( md_alg == MBEDTLS_MD_NONE )
- {
- hashlen = 36;
- ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
- dig_signed,
- dig_signed_len );
- if( ret != 0 )
- return( ret );
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@@ -3241,8 +3194,7 @@
return( ret );
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3556,8 +3508,7 @@
/*
* Prepare to decrypt the premaster using own private RSA key
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if ( p + 2 > end ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@@ -4177,22 +4128,6 @@
* opaque signature<0..2^16-1>;
* } DigitallySigned;
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- md_alg = MBEDTLS_MD_NONE;
- hashlen = 36;
-
- /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
- if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) )
- {
- hash_start += 16;
- hashlen -= 16;
- md_alg = MBEDTLS_MD_SHA1;
- }
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 170d563..a7e5b4c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -324,122 +324,6 @@
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static int tls1_prf( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- size_t nb, hs;
- size_t i, j, k;
- const unsigned char *S1, *S2;
- unsigned char *tmp;
- size_t tmp_len = 0;
- unsigned char h_i[20];
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init( &md_ctx );
-
- tmp_len = 20 + strlen( label ) + rlen;
- tmp = mbedtls_calloc( 1, tmp_len );
- if( tmp == NULL )
- {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- hs = ( slen + 1 ) / 2;
- S1 = secret;
- S2 = secret + slen - hs;
-
- nb = strlen( label );
- memcpy( tmp + 20, label, nb );
- memcpy( tmp + 20 + nb, random, rlen );
- nb += rlen;
-
- /*
- * First compute P_md5(secret,label+random)[0..dlen]
- */
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
- {
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto exit;
- }
-
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- {
- goto exit;
- }
-
- mbedtls_md_hmac_starts( &md_ctx, S1, hs );
- mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
- mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
-
- for( i = 0; i < dlen; i += 16 )
- {
- mbedtls_md_hmac_reset ( &md_ctx );
- mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
- mbedtls_md_hmac_finish( &md_ctx, h_i );
-
- mbedtls_md_hmac_reset ( &md_ctx );
- mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
- mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
-
- k = ( i + 16 > dlen ) ? dlen % 16 : 16;
-
- for( j = 0; j < k; j++ )
- dstbuf[i + j] = h_i[j];
- }
-
- mbedtls_md_free( &md_ctx );
-
- /*
- * XOR out with P_sha1(secret,label+random)[0..dlen]
- */
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
- {
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto exit;
- }
-
- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- {
- goto exit;
- }
-
- mbedtls_md_hmac_starts( &md_ctx, S2, hs );
- mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
- mbedtls_md_hmac_finish( &md_ctx, tmp );
-
- for( i = 0; i < dlen; i += 20 )
- {
- mbedtls_md_hmac_reset ( &md_ctx );
- mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
- mbedtls_md_hmac_finish( &md_ctx, h_i );
-
- mbedtls_md_hmac_reset ( &md_ctx );
- mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
- mbedtls_md_hmac_finish( &md_ctx, tmp );
-
- k = ( i + 20 > dlen ) ? dlen % 20 : 20;
-
- for( j = 0; j < k; j++ )
- dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
- }
-
-exit:
- mbedtls_md_free( &md_ctx );
-
- mbedtls_platform_zeroize( tmp, tmp_len );
- mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
-
- mbedtls_free( tmp );
- return( ret );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -667,15 +551,6 @@
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * );
-static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
-#endif
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
@@ -715,13 +590,6 @@
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( tls_prf == tls1_prf )
- {
- return( MBEDTLS_SSL_TLS_PRF_TLS1 );
- }
- else
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA384_C)
if( tls_prf == tls_prf_sha384 )
@@ -752,12 +620,6 @@
switch( prf )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- case MBEDTLS_SSL_TLS_PRF_TLS1:
- tls_prf = tls1_prf;
- break;
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_SSL_TLS_PRF_SHA384:
@@ -1023,14 +885,8 @@
- transform->maclen % cipher_info->block_size;
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
- ; /* No need to adjust minlen */
- else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
- minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
transform->minlen += transform->ivlen;
}
@@ -1106,8 +962,7 @@
}
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
@@ -1280,7 +1135,7 @@
}
/*
- * Set appropriate PRF function and other SSL / TLS 1.0/1.1 / TLS1.2 functions
+ * Set appropriate PRF function and other SSL / TLS1.2 functions
*
* Inputs:
* - SSL/TLS minor version
@@ -1297,15 +1152,6 @@
(void) hash;
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- handshake->tls_prf = tls1_prf;
- handshake->calc_verify = ssl_calc_verify_tls;
- handshake->calc_finished = ssl_calc_finished_tls;
- }
- else
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA384_C)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
@@ -1546,37 +1392,6 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
-{
- mbedtls_md5_context md5;
- mbedtls_sha1_context sha1;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
-
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
-
- mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
- mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-
- mbedtls_md5_finish_ret( &md5, hash );
- mbedtls_sha1_finish_ret( &sha1, hash + 16 );
-
- *hlen = 36;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
-
- return;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
@@ -2203,8 +2018,7 @@
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
return( -1 );
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
@@ -2215,8 +2029,7 @@
}
return( -1 );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif /* MBEDTLS_SSL_SRV_C */
@@ -2651,11 +2464,6 @@
{
((void) ciphersuite_info);
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
- else
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA384_C)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
@@ -2676,10 +2484,6 @@
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
- mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2703,10 +2507,6 @@
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
- mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2725,15 +2525,6 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
-{
- mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
- mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
-}
-#endif
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
@@ -2760,65 +2551,6 @@
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_calc_finished_tls(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
- int len = 12;
- const char *sender;
- mbedtls_md5_context md5;
- mbedtls_sha1_context sha1;
- unsigned char padbuf[36];
-
- mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
- session = ssl->session;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
-
- mbedtls_md5_init( &md5 );
- mbedtls_sha1_init( &sha1 );
-
- mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
- mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-
- /*
- * TLSv1:
- * hash = PRF( master, finished_label,
- * MD5( handshake ) + SHA1( handshake ) )[0..11]
- */
-
-#if !defined(MBEDTLS_MD5_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
- md5.state, sizeof( md5.state ) );
-#endif
-
-#if !defined(MBEDTLS_SHA1_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
- sha1.state, sizeof( sha1.state ) );
-#endif
-
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
- ? "client finished"
- : "server finished";
-
- mbedtls_md5_finish_ret( &md5, padbuf );
- mbedtls_sha1_finish_ret( &sha1, padbuf + 16 );
-
- ssl->handshake->tls_prf( session->master, 48, sender,
- padbuf, 36, buf, len );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
- mbedtls_md5_free( &md5 );
- mbedtls_sha1_free( &sha1 );
-
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_calc_finished_tls_sha256(
@@ -3249,12 +2981,6 @@
{
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_init( &handshake->fin_md5 );
- mbedtls_sha1_init( &handshake->fin_sha1 );
- mbedtls_md5_starts_ret( &handshake->fin_md5 );
- mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -3581,10 +3307,6 @@
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
- ssl->split_done = 0;
-#endif
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
@@ -3668,12 +3390,10 @@
}
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
{
conf->badmac_limit = limit;
}
-#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -3857,7 +3577,7 @@
if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
return;
- if( minor < MBEDTLS_SSL_MINOR_VERSION_1 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( minor != MBEDTLS_SSL_MINOR_VERSION_3 )
return;
set_protocol_version_ciphersuites(conf, minor, ciphersuites);
@@ -4425,13 +4145,6 @@
conf->min_minor_ver = minor;
}
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
-{
- conf->fallback = fallback;
-}
-#endif
-
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
char cert_req_ca_list )
@@ -4476,13 +4189,6 @@
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
-{
- conf->cbc_record_splitting = split;
-}
-#endif
-
void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
{
conf->allow_legacy_renegotiation = allow_legacy;
@@ -5583,10 +5289,6 @@
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_free( &handshake->fin_md5 );
- mbedtls_sha1_free( &handshake->fin_sha1 );
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -5714,11 +5416,7 @@
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u
-#else
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 0u
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u
@@ -5935,7 +5633,6 @@
/*
* Saved fields from top-level ssl_context structure
*/
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
used += 4;
if( used <= buf_len )
{
@@ -5944,7 +5641,6 @@
*p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
}
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
used += 16;
@@ -6200,7 +5896,6 @@
/*
* Saved fields from top-level ssl_context structure
*/
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( (size_t)( end - p ) < 4 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -6209,7 +5904,6 @@
( (uint32_t) p[2] << 8 ) |
( (uint32_t) p[3] );
p += 4;
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( (size_t)( end - p ) < 16 )
@@ -6512,10 +6206,6 @@
conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
-#endif
-
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
conf->f_cookie_write = ssl_cookie_write_dummy;
conf->f_cookie_check = ssl_cookie_check_dummy;
@@ -6608,7 +6298,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+ conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
#endif
const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites();
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
@@ -6985,17 +6675,6 @@
switch( md )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#if defined(MBEDTLS_MD5_C)
- case MBEDTLS_SSL_HASH_MD5:
- return( -1 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
- case MBEDTLS_SSL_HASH_SHA1:
- ssl->handshake->calc_verify = ssl_calc_verify_tls;
- break;
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -7019,92 +6698,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
- unsigned char *output,
- unsigned char *data, size_t data_len )
-{
- int ret = 0;
- mbedtls_md5_context mbedtls_md5;
- mbedtls_sha1_context mbedtls_sha1;
-
- mbedtls_md5_init( &mbedtls_md5 );
- mbedtls_sha1_init( &mbedtls_sha1 );
-
- /*
- * digitally-signed struct {
- * opaque md5_hash[16];
- * opaque sha_hash[20];
- * };
- *
- * md5_hash
- * MD5(ClientHello.random + ServerHello.random
- * + ServerParams);
- * sha_hash
- * SHA(ClientHello.random + ServerHello.random
- * + ServerParams);
- */
- if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5,
- ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret );
- goto exit;
- }
- if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1,
- ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
- goto exit;
- }
- if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data,
- data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
- goto exit;
- }
- if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1,
- output + 16 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret );
- goto exit;
- }
-
-exit:
- mbedtls_md5_free( &mbedtls_md5 );
- mbedtls_sha1_free( &mbedtls_sha1 );
-
- if( ret != 0 )
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
- return( ret );
-
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
@@ -7227,7 +6821,6 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 40ca90a..cbd9483 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -111,9 +111,6 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
-#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
#endif
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index f37df4a..8a9a4f6 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -220,8 +220,8 @@
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
+ if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
+ 0, hash, p ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index d19ddad..16b9f88 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -229,7 +229,7 @@
buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 03a6e89..1c7e17e 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -143,8 +143,7 @@
fflush( stdout );
ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, MBEDTLS_RSA_PUBLIC,
- strlen( argv[1] ), input, buf );
+ &ctr_drbg, strlen( argv[1] ), input, buf );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 8e657a7..7bd9eae 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -146,7 +146,7 @@
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
20, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index e7e347c..49c9928 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -140,8 +140,8 @@
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
+ if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
+ 20, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 80b0ce0..6b53c78 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -250,13 +250,6 @@
#define USAGE_MAX_FRAG_LEN ""
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-#define USAGE_RECSPLIT \
- " recsplit=0/1 default: (library default: on)\n"
-#else
-#define USAGE_RECSPLIT
-#endif
-
#if defined(MBEDTLS_DHM_C)
#define USAGE_DHMLEN \
" dhmlen=%%d default: (library default: 1024 bits)\n"
@@ -296,13 +289,6 @@
#define USAGE_DTLS ""
#endif
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-#define USAGE_FALLBACK \
- " fallback=0/1 default: (library default: off)\n"
-#else
-#define USAGE_FALLBACK ""
-#endif
-
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define USAGE_EMS \
" extended_ms=0/1 default: (library default: on)\n"
@@ -411,20 +397,18 @@
USAGE_TRUNC_HMAC \
USAGE_CONTEXT_CRT_CB \
USAGE_ALPN \
- USAGE_FALLBACK \
USAGE_EMS \
USAGE_ETM \
USAGE_REPRODUCIBLE \
USAGE_CURVES \
- USAGE_RECSPLIT \
USAGE_DHMLEN \
"\n"
#define USAGE4 \
" allow_sha1=%%d default: 0\n" \
- " min_version=%%s default: (library default: tls1)\n" \
+ " min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
- " options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
+ " options: tls1_2, dtls1_2\n" \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \
@@ -1065,15 +1049,6 @@
{
opt.alpn_string = q;
}
- else if( strcmp( p, "fallback" ) == 0 )
- {
- switch( atoi( q ) )
- {
- case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break;
- case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break;
- default: goto usage;
- }
- }
else if( strcmp( p, "extended_ms" ) == 0 )
{
switch( atoi( q ) )
@@ -1100,12 +1075,7 @@
}
else if( strcmp( p, "min_version" ) == 0 )
{
- if( strcmp( q, "tls1" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls1_2" ) == 0 ||
+ if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
else
@@ -1113,12 +1083,7 @@
}
else if( strcmp( p, "max_version" ) == 0 )
{
- if( strcmp( q, "tls1" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls1_2" ) == 0 ||
+ if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
else
@@ -1135,27 +1100,11 @@
}
else if( strcmp( p, "force_version" ) == 0 )
{
- if( strcmp( q, "tls1" ) == 0 )
- {
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- }
- else if( strcmp( q, "tls1_1" ) == 0 )
- {
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- }
- else if( strcmp( q, "tls1_2" ) == 0 )
+ if( strcmp( q, "tls1_2" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
}
- else if( strcmp( q, "dtls1" ) == 0 )
- {
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
else if( strcmp( q, "dtls1_2" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
@@ -1377,10 +1326,10 @@
if( opt.min_version < ciphersuite_info->min_minor_ver )
{
opt.min_version = ciphersuite_info->min_minor_ver;
- /* DTLS starts with TLS 1.1 */
+ /* DTLS starts with TLS 1.2 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1808,13 +1757,6 @@
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
- if( opt.recsplit != DFL_RECSPLIT )
- mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
- ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
- : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
-#endif
-
#if defined(MBEDTLS_DHM_C)
if( opt.dhmlen != DFL_DHMLEN )
mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
@@ -1937,11 +1879,6 @@
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.max_version );
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
- if( opt.fallback != DFL_FALLBACK )
- mbedtls_ssl_conf_fallback( &conf, opt.fallback );
-#endif
-
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index bc9c6bd..b360991 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -874,7 +874,6 @@
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index f7a424a..616d599 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -365,12 +365,8 @@
#define USAGE_ANTI_REPLAY ""
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
#define USAGE_BADMAC_LIMIT \
" badmac_limit=%%d default: (library default: disabled)\n"
-#else
-#define USAGE_BADMAC_LIMIT ""
-#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#define USAGE_DTLS \
@@ -502,10 +498,10 @@
USAGE_SSL_ASYNC \
USAGE_SNI \
" allow_sha1=%%d default: 0\n" \
- " min_version=%%s default: (library default: tls1)\n" \
+ " min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
- " options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
+ " options: tls1_2, dtls1_2\n" \
"\n" \
" version_suites=a,b,c per-version ciphersuites\n" \
" in order from tls1 to tls1_2\n" \
@@ -1728,12 +1724,7 @@
}
else if( strcmp( p, "min_version" ) == 0 )
{
- if( strcmp( q, "tls1" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls1_2" ) == 0 ||
+ if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
else
@@ -1741,12 +1732,7 @@
}
else if( strcmp( p, "max_version" ) == 0 )
{
- if( strcmp( q, "tls1" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- else if( strcmp( q, "tls1_1" ) == 0 ||
- strcmp( q, "dtls1" ) == 0 )
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- else if( strcmp( q, "tls1_2" ) == 0 ||
+ if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
else
@@ -1763,27 +1749,11 @@
}
else if( strcmp( p, "force_version" ) == 0 )
{
- if( strcmp( q, "tls1" ) == 0 )
- {
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
- }
- else if( strcmp( q, "tls1_1" ) == 0 )
- {
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- }
- else if( strcmp( q, "tls1_2" ) == 0 )
+ if( strcmp( q, "tls1_2" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
}
- else if( strcmp( q, "dtls1" ) == 0 )
- {
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
else if( strcmp( q, "dtls1_2" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
@@ -2713,10 +2683,8 @@
mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
-#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
diff --git a/tests/compat.sh b/tests/compat.sh
index 6a2bbb2..6c1e0d4 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -67,7 +67,7 @@
fi
# default values for options
-MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
+MODES="tls1_2 dtls1_2"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
@@ -155,19 +155,13 @@
# is_dtls <mode>
is_dtls()
{
- test "$1" = "dtls1" -o "$1" = "dtls1_2"
+ test "$1" = "dtls1_2"
}
# minor_ver <mode>
minor_ver()
{
case "$1" in
- tls1)
- echo 1
- ;;
- tls1_1|dtls1)
- echo 2
- ;;
tls1_2|dtls1_2)
echo 3
;;
@@ -841,19 +835,9 @@
{
G_MODE=""
case "$MODE" in
- "tls1")
- G_PRIO_MODE="+VERS-TLS1.0"
- ;;
- "tls1_1")
- G_PRIO_MODE="+VERS-TLS1.1"
- ;;
"tls1_2")
G_PRIO_MODE="+VERS-TLS1.2"
;;
- "dtls1")
- G_PRIO_MODE="+VERS-DTLS1.0"
- G_MODE="-u"
- ;;
"dtls1_2")
G_PRIO_MODE="+VERS-DTLS1.2"
G_MODE="-u"
diff --git a/tests/context-info.sh b/tests/context-info.sh
index 3465298..e02d330 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -214,7 +214,6 @@
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-u "MBEDTLS_SSL_ALPN$" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
@@ -238,7 +237,6 @@
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-u "MBEDTLS_SSL_ALPN$" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
@@ -345,7 +343,6 @@
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-n "MBEDTLS_SSL_ALPN$" \
@@ -357,7 +354,6 @@
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-n "MBEDTLS_SSL_ALPN$" \
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1653ad8..8e163a9 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -828,6 +828,15 @@
make test
}
+component_test_psa_crypto_rsa_no_genprime() {
+ msg "build: default config minus MBEDTLS_GENPRIME"
+ scripts/config.py unset MBEDTLS_GENPRIME
+ make
+
+ msg "test: default config minus MBEDTLS_GENPRIME"
+ make test
+}
+
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -2043,24 +2052,6 @@
if_build_succeeded tests/compat.sh
}
-component_test_variable_ssl_in_out_buffer_len_record_splitting () {
- msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)"
- scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- scripts/config.py set MBEDTLS_SSL_CBC_RECORD_SPLITTING
-
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING"
- make test
-
- msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
- if_build_succeeded tests/ssl-opt.sh
-
- msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
- if_build_succeeded tests/compat.sh
-}
-
component_test_ssl_alloc_buffer_and_mfl () {
msg "build: default config with memory buffer allocator and MFL extension"
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 5f13b22..93b7e1d 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -115,7 +115,7 @@
echo '################ compat.sh ################'
{
echo '#### compat.sh: Default versions'
- sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
+ sh compat.sh -m 'tls1_2 dtls1_2'
echo
echo '#### compat.sh: legacy (null, DES, RC4)'
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 57263a3..a79604e 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -31,9 +31,6 @@
'config-ccm-psk-tls1_2.h' => {
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
},
- 'config-mini-tls1_1.h' => {
- 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #'
- },
'config-no-entropy.h' => {
},
'config-suite-b.h' => {
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1041c87..1d49dc5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1402,22 +1402,6 @@
-C "Use configuration-specific verification callback" \
-C "error"
-# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
- "$G_SRV"\
- "$P_CLI force_version=tls1_1" \
- 0
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
-run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
- "$G_SRV"\
- "$P_CLI force_version=tls1" \
- 0
-
# Tests for SHA-1 support
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
@@ -2458,84 +2442,6 @@
-C "session hash for extended master secret" \
-S "session hash for extended master secret"
-# Tests for FALLBACK_SCSV
-
-run_test "Fallback SCSV: default" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 force_version=tls1_1" \
- 0 \
- -C "adding FALLBACK_SCSV" \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback" \
- -C "is a fatal alert message (msg 86)"
-
-run_test "Fallback SCSV: explicitly disabled" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
- 0 \
- -C "adding FALLBACK_SCSV" \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback" \
- -C "is a fatal alert message (msg 86)"
-
-run_test "Fallback SCSV: enabled" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
- 1 \
- -c "adding FALLBACK_SCSV" \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback" \
- -c "is a fatal alert message (msg 86)"
-
-run_test "Fallback SCSV: enabled, max version" \
- "$P_SRV debug_level=2" \
- "$P_CLI debug_level=3 fallback=1" \
- 0 \
- -c "adding FALLBACK_SCSV" \
- -s "received FALLBACK_SCSV" \
- -S "inapropriate fallback" \
- -C "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: default, openssl server" \
- "$O_SRV" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
- 0 \
- -C "adding FALLBACK_SCSV" \
- -C "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: enabled, openssl server" \
- "$O_SRV" \
- "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
- 1 \
- -c "adding FALLBACK_SCSV" \
- -c "is a fatal alert message (msg 86)"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: disabled, openssl client" \
- "$P_SRV debug_level=2" \
- "$O_CLI -tls1_1" \
- 0 \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: enabled, openssl client" \
- "$P_SRV debug_level=2" \
- "$O_CLI -tls1_1 -fallback_scsv" \
- 1 \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: enabled, max version, openssl client" \
- "$P_SRV debug_level=2" \
- "$O_CLI -fallback_scsv" \
- 0 \
- -s "received FALLBACK_SCSV" \
- -S "inapropriate fallback"
-
# Test sending and receiving empty application data records
run_test "Encrypt then MAC: empty application data record" \
@@ -2568,37 +2474,6 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
-## ClientHello generated with
-## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
-## then manually twiddling the ciphersuite list.
-## The ClientHello content is spelled out below as a hex string as
-## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
-## The expected response is an inappropriate_fallback alert.
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: beginning of list" \
- "$P_SRV debug_level=2" \
- "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
- 0 \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback"
-
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: end of list" \
- "$P_SRV debug_level=2" \
- "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
- 0 \
- -s "received FALLBACK_SCSV" \
- -s "inapropriate fallback"
-
-## Here the expected response is a valid ServerHello prefix, up to the random.
-requires_openssl_with_fallback_scsv
-run_test "Fallback SCSV: not in list" \
- "$P_SRV debug_level=2" \
- "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
- 0 \
- -S "received FALLBACK_SCSV" \
- -S "inapropriate fallback"
-
# Tests for CBC 1/n-1 record splitting
run_test "CBC Record splitting: TLS 1.2, no splitting" \
@@ -2610,42 +2485,6 @@
-S "Read from client: 1 bytes read" \
-S "122 bytes read"
-run_test "CBC Record splitting: TLS 1.1, no splitting" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1_1" \
- 0 \
- -s "Read from client: 123 bytes read" \
- -S "Read from client: 1 bytes read" \
- -S "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0, splitting" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1" \
- 0 \
- -S "Read from client: 123 bytes read" \
- -s "Read from client: 1 bytes read" \
- -s "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
- "$P_SRV" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1 recsplit=0" \
- 0 \
- -s "Read from client: 123 bytes read" \
- -S "Read from client: 1 bytes read" \
- -S "122 bytes read"
-
-run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
- "$P_SRV nbio=2" \
- "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
- request_size=123 force_version=tls1" \
- 0 \
- -S "Read from client: 123 bytes read" \
- -s "Read from client: 1 bytes read" \
- -s "122 bytes read"
-
# Tests for Session Tickets
run_test "Session resume using tickets: basic" \
@@ -2784,7 +2623,7 @@
-c "a session has been resumed"
run_test "Session resume using tickets, DTLS: openssl server" \
- "$O_SRV -dtls1" \
+ "$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
0 \
-c "client hello, adding session ticket extension" \
@@ -2794,8 +2633,8 @@
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
+ "( $O_CLI -dtls -sess_out $SESSION; \
+ $O_CLI -dtls -sess_in $SESSION; \
rm -f $SESSION )" \
0 \
-s "found session ticket extension" \
@@ -2994,8 +2833,8 @@
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
+ "( $O_CLI -dtls -sess_out $SESSION; \
+ $O_CLI -dtls -sess_in $SESSION; \
rm -f $SESSION )" \
0 \
-s "found session ticket extension" \
@@ -3005,7 +2844,7 @@
-s "a session has been resumed"
run_test "Session resume using cache, DTLS: openssl server" \
- "$O_SRV -dtls1" \
+ "$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
0 \
-C "found session_ticket extension" \
@@ -4464,52 +4303,6 @@
-c "signed using.*ECDSA with SHA256" \
-C "signed using.*ECDSA with SHA1"
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server5-sha1.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -C "signed using.*ECDSA with SHA256" \
- -c "signed using.*ECDSA with SHA1"
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server5-sha1.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1" \
- 0 \
- -C "signed using.*ECDSA with SHA256" \
- -c "signed using.*ECDSA with SHA1"
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
- "$P_SRV crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server6.crt \
- key_file2=data_files/server6.key" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -c "serial number.*09" \
- -c "signed using.*ECDSA with SHA256" \
- -C "signed using.*ECDSA with SHA1"
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
- "$P_SRV crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
- crt_file2=data_files/server5.crt \
- key_file2=data_files/server5.key" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -c "serial number.*0A" \
- -c "signed using.*ECDSA with SHA256" \
- -C "signed using.*ECDSA with SHA1"
-
# tests for SNI
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
@@ -4970,67 +4763,6 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
-run_test "Version check: cli max 1.1 -> 1.1" \
- "$P_SRV" \
- "$P_CLI max_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: srv max 1.1 -> 1.1" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli+srv max 1.1 -> 1.1" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI max_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
- "$P_SRV min_version=tls1_1" \
- "$P_CLI max_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI min_version=tls1_1" \
- 0 \
- -S "mbedtls_ssl_handshake returned" \
- -C "mbedtls_ssl_handshake returned" \
- -s "Protocol is TLSv1.1" \
- -c "Protocol is TLSv1.1"
-
-run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
- "$P_SRV max_version=tls1_1" \
- "$P_CLI min_version=tls1_2" \
- 1 \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -c "SSL - Handshake protocol not within min/max boundaries"
-
-run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
- "$P_SRV min_version=tls1_2" \
- "$P_CLI max_version=tls1_1" \
- 1 \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -s "SSL - Handshake protocol not within min/max boundaries"
-
# Tests for ALPN extension
run_test "ALPN: none" \
@@ -5884,24 +5616,6 @@
# Tests for ciphersuites per version
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: TLS 1.0" \
- "$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: TLS 1.1" \
- "$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
-
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
@@ -5936,66 +5650,6 @@
# Tests for small client packets
-run_test "Small client packet TLS 1.0 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.1 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
run_test "Small client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
@@ -6050,40 +5704,6 @@
# Tests for small client packets in DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small client packet DTLS 1.0" \
- "$P_SRV dtls=1 force_version=dtls1" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small client packet DTLS 1.0, without EtM" \
- "$P_SRV dtls=1 force_version=dtls1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.0, truncated hmac" \
- "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
- "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
- "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2" \
"$P_SRV dtls=1 force_version=dtls1_2" \
"$P_CLI dtls=1 request_size=1 \
@@ -6119,66 +5739,6 @@
# Tests for small server packets
-run_test "Small server packet TLS 1.0 BlockCipher" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.1 BlockCipher" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV response_size=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
run_test "Small server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
@@ -6233,40 +5793,6 @@
# Tests for small server packets in DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small server packet DTLS 1.0" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small server packet DTLS 1.0, without EtM" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.0, truncated hmac" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
- "$P_CLI dtls=1 trunc_hmac=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
"$P_CLI dtls=1 \
@@ -6307,69 +5833,6 @@
echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
}
-run_test "Large client packet TLS 1.0 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.1 BlockCipher" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV" \
- "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
run_test "Large client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
@@ -6426,69 +5889,6 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-# Checking next 3 tests logs for 1n-1 split against BEAST too
-run_test "Large server packet TLS 1.0 BlockCipher" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1 etm=0 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1 recsplit=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"\
- -c "16383 bytes read"\
- -C "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 BlockCipher" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=16384 trunc_hmac=1" \
- "$P_CLI force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "16384 bytes written in 1 fragments" \
- -c "Read from server: 16384 bytes read"
-
run_test "Large server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
@@ -6710,18 +6110,6 @@
-s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): sign done, status=0"
-# Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1
-# with RSA PKCS#1v1.5 as used in TLS 1.0/1.1.
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "SSL async private: sign, RSA, TLS 1.1" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
- async_operations=s async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI force_version=tls1_1" \
- 0 \
- -s "Async sign callback: using key slot " \
- -s "Async resume (slot [0-9]): sign done, status=0"
-
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SSL async private: sign, SNI" \
@@ -7277,28 +6665,28 @@
-s "Extra-header:"
run_test "DTLS reassembly: no fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 2048" \
+ "$O_SRV -dtls -mtu 2048" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-C "found fragmented DTLS handshake message" \
-C "error"
run_test "DTLS reassembly: some fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 768" \
+ "$O_SRV -dtls -mtu 768" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-C "error"
run_test "DTLS reassembly: more fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 256" \
+ "$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-C "error"
run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
- "$O_SRV -dtls1 -mtu 256" \
+ "$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
@@ -7999,21 +7387,6 @@
-c "fragmenting handshake message" \
-C "error"
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_gnutls
-run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
- "$G_SRV -u" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
@@ -8036,22 +7409,6 @@
0 \
-s "fragmenting handshake message"
-# See previous test for the reason to use --insecure
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-requires_gnutls
-requires_not_i686
-run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- mtu=512 force_version=dtls1" \
- "$G_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
@@ -8069,20 +7426,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
- "$O_SRV -dtls1 -verify 10" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
@@ -8093,19 +7436,6 @@
0 \
-s "fragmenting handshake message"
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- mtu=512 force_version=dtls1" \
- "$O_CLI -dtls1" \
- 0 \
- -s "fragmenting handshake message"
-
# interop tests for DTLS fragmentating with unreliable connection
#
# again we just want to test that the we fragment in a way that
@@ -8131,23 +7461,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$G_NEXT_SRV -u" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
@@ -8160,22 +7473,6 @@
0 \
-s "fragmenting handshake message"
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- "$G_NEXT_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
## Interop test with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
@@ -8202,23 +7499,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$O_SRV -dtls1 -verify 10" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
@@ -8231,24 +7511,6 @@
0 \
-s "fragmenting handshake message"
-# -nbio is added to prevent s_client from blocking in case of duplicated
-# messages at the end of the handshake
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
-client_needs_more_time 4
-run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls1" \
- "$O_CLI -nbio -dtls1" \
- 0 \
- -s "fragmenting handshake message"
-
# Tests for DTLS-SRTP (RFC 5764)
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported" \
@@ -8403,7 +7665,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
@@ -8416,7 +7678,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
@@ -8429,7 +7691,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
@@ -8442,7 +7704,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
@@ -8455,7 +7717,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
@@ -8468,7 +7730,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-s "found srtp profile" \
@@ -8480,7 +7742,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
"$P_SRV dtls=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
@@ -8489,7 +7751,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported. openssl server" \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8501,7 +7763,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8513,7 +7775,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8525,7 +7787,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8537,7 +7799,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8549,7 +7811,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8561,7 +7823,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
- "$O_SRV -dtls1" \
+ "$O_SRV -dtls" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
@@ -8573,7 +7835,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
+ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index f346b78..ddef836 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -70,13 +70,13 @@
}
int mbedtls_rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+ mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
((void) f_rng);
((void) p_rng);
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx,
- mbedtls_test_rnd_std_rand, NULL, mode,
+ mbedtls_test_rnd_std_rand, NULL,
md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index b03bdda..d1c0fc1 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -36,8 +36,8 @@
message_str->x = NULL;
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ &info, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
@@ -293,8 +293,8 @@
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PRIVATE, digest,
- 0, hash_result, output ) == result );
+ &info, digest, 0, hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -334,7 +334,7 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 2e7f339..8f22f20 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -35,8 +35,8 @@
message_str->x = NULL;
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ &info, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
{
@@ -148,8 +148,8 @@
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
{
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PRIVATE, digest, 0,
- hash_result, output ) == result );
+ &info, digest, 0,hash_result,
+ output ) == result );
if( result == 0 )
{
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
@@ -199,7 +199,7 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -244,14 +244,13 @@
hash_len = message_str->len;
}
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- msg_digest_id, hash_len, hash_result,
- result_str->x ) == result_simple );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id,
+ hash_len, hash_result,
+ result_str->x ) == result_simple );
- TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- msg_digest_id, hash_len, hash_result,
- mgf_hash, salt_len,
- result_str->x ) == result_full );
+ TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_len,
+ hash_result, mgf_hash, salt_len,
+ result_str->x ) == result_full );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index cb0cb9c..4d9c7b6 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -3369,7 +3369,7 @@
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
-depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
PSA generate key: RSA, 0 bits: invalid
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 1182cc6..efea5c1 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -23,8 +23,6 @@
mbedtls_rsa_context ctx;
const int valid_padding = MBEDTLS_RSA_PKCS_V21;
const int invalid_padding = 42;
- const int valid_mode = MBEDTLS_RSA_PRIVATE;
- const int invalid_mode = 42;
unsigned char buf[42] = { 0 };
size_t olen;
@@ -103,77 +101,47 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
- valid_mode,
sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- invalid_mode,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- valid_mode,
sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- valid_mode,
sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
- NULL,
- valid_mode,
- sizeof( buf ), buf,
- buf ) );
+ NULL, sizeof( buf ),
+ buf, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- invalid_mode,
- sizeof( buf ), buf,
- buf ) );
+ NULL, sizeof( buf ),
+ NULL, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- valid_mode,
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- valid_mode,
- sizeof( buf ), buf,
- NULL ) );
+ NULL, sizeof( buf ),
+ buf, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
- valid_mode,
buf, sizeof( buf ),
sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- invalid_mode,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- valid_mode,
NULL, sizeof( buf ),
sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- valid_mode,
buf, sizeof( buf ),
sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- valid_mode,
buf, sizeof( buf ),
sizeof( buf ), buf,
NULL ) );
@@ -235,81 +203,54 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
- valid_mode,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- valid_mode,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- valid_mode,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- valid_mode,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
- valid_mode,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- valid_mode,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- valid_mode,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- valid_mode,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
- valid_mode,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- valid_mode,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- valid_mode,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- valid_mode,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );
@@ -337,119 +278,76 @@
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_pkcs1_verify( NULL,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_pkcs1_verify( &ctx,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_pkcs1_verify( &ctx,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_pkcs1_verify( &ctx,
MBEDTLS_MD_SHA1, 0, NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
- NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- invalid_mode,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
0, sizeof( buf ),
NULL, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
- NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify( NULL,
0, sizeof( buf ),
buf, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify( &ctx,
0, sizeof( buf ),
NULL, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify( &ctx,
0, sizeof( buf ),
buf, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify( &ctx,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify_ext( NULL,
0, sizeof( buf ),
buf,
0, 0,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
- invalid_mode,
- 0, sizeof( buf ),
- buf,
- 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
0, sizeof( buf ),
NULL, 0, 0,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
0, sizeof( buf ),
buf, 0, 0,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
- valid_mode,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
MBEDTLS_MD_SHA1,
0, NULL,
0, 0,
@@ -524,8 +422,8 @@
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE, digest,
- 0, hash_result, output ) == result );
+ &rnd_info, digest, 0, hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -565,7 +463,7 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -605,42 +503,14 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE,
- MBEDTLS_MD_NONE, hash_result->len,
+ &rnd_info, MBEDTLS_MD_NONE,
+ hash_result->len,
hash_result->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
ctx.len, result_str->len ) == 0 );
-#if defined(MBEDTLS_PKCS1_V15)
- /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
- if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
- {
- int res;
- memset( output, 0x00, sizeof( output) );
-
- res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
- &mbedtls_test_rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PRIVATE, hash_result->len,
- hash_result->x, output );
-
-#if !defined(MBEDTLS_RSA_ALT)
- TEST_ASSERT( res == 0 );
-#else
- TEST_ASSERT( ( res == 0 ) ||
- ( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) );
-#endif
-
- if( res == 0 )
- {
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
- ctx.len,
- result_str->len ) == 0 );
- }
- }
-#endif /* MBEDTLS_PKCS1_V15 */
-
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
@@ -672,7 +542,7 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -708,8 +578,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ &rnd_info, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
{
@@ -748,8 +618,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
- NULL, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ NULL, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
{
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 04ea69b..44f846f 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -16,11 +16,11 @@
}
int mbedtls_rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+ mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash, sig ) );
+ return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
+ md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
{