Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
TLS1.3:Enable tls13 only build
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index bef3a35..39e46c4 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -120,7 +120,19 @@
the three first ones in the list above are mandatory (see section 9.1 of the
specification).
-- Supported versions: only TLS 1.3, version negotiation is not supported.
+- Supported versions:
+
+ - TLS 1.2 and TLS 1.3 but version negotiation is not supported.
+
+ - TLS 1.3 cannot be enabled in the build (MBEDTLS_SSL_PROTO_TLS1_3
+ configuration option) without TLS 1.2 (MBEDTLS_SSL_PROTO_TLS1_2 configuration
+ option).
+
+ - TLS 1.2 can be enabled in the build independently of TLS 1.3.
+
+ - If both TLS 1.3 and TLS 1.2 are enabled at build time, only one of them can
+ be configured at runtime via `mbedtls_ssl_conf_{min,max}_version`. Otherwise,
+ `mbedtls_ssl_setup` will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error.
- Compatibility with existing SSL/TLS build options:
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index d7cc7bc..c25ac0a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -643,7 +643,8 @@
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_TLS_C) && \
+ !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
#endif
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 694473f..2f29ede 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -19,7 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -90,76 +90,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t hostname_len;
-
- *olen = 0;
-
- if( ssl->hostname == NULL )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding server name extension: %s",
- ssl->hostname ) );
-
- hostname_len = strlen( ssl->hostname );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
-
- /*
- * Sect. 3, RFC 6066 (TLS Extensions Definitions)
- *
- * In order to provide any of the server names, clients MAY include an
- * extension of type "server_name" in the (extended) client hello. The
- * "extension_data" field of this extension SHALL contain
- * "ServerNameList" where:
- *
- * struct {
- * NameType name_type;
- * select (name_type) {
- * case host_name: HostName;
- * } name;
- * } ServerName;
- *
- * enum {
- * host_name(0), (255)
- * } NameType;
- *
- * opaque HostName<1..2^16-1>;
- *
- * struct {
- * ServerName server_name_list<1..2^16-1>
- * } ServerNameList;
- *
- */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
- p += 2;
-
- *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
-
- MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
- p += 2;
-
- memcpy( p, ssl->hostname, hostname_len );
-
- *olen = hostname_len + 9;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
#if defined(MBEDTLS_SSL_RENEGOTIATION)
static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -1028,8 +958,7 @@
ext_len += olen;
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ( ret = mbedtls_ssl_write_sig_alg_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
@@ -1037,7 +966,7 @@
return( ret );
}
ext_len += olen;
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2573,13 +2502,11 @@
return( ret );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( len_bytes == 2 )
{
MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
*olen += 2;
}
-#endif
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it. */
@@ -2590,7 +2517,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2655,7 +2581,6 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -2940,7 +2865,6 @@
/*
* Handle the digitally-signed structure
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
if( ssl_parse_signature_algorithm( ssl, &p, end,
@@ -2968,7 +2892,6 @@
}
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3005,7 +2928,6 @@
/*
* Compute the hash that has been signed
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@@ -3015,7 +2937,6 @@
return( ret );
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3211,7 +3132,6 @@
}
/* supported_signature_algorithms */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
size_t sig_alg_len =
@@ -3257,7 +3177,6 @@
n += 2 + sig_alg_len;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* certificate_authorities */
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
@@ -3816,7 +3735,6 @@
ssl->handshake->calc_verify( ssl, hash, &hashlen );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
/*
@@ -3852,7 +3770,6 @@
offset = 2;
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -4136,4 +4053,5 @@
return( ret );
}
-#endif /* MBEDTLS_SSL_CLI_C */
+
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4d753c8..0656439 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -79,7 +79,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
@@ -87,7 +89,9 @@
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -748,7 +752,6 @@
/*
* Checksum contexts
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
@@ -763,7 +766,6 @@
mbedtls_sha512_context fin_sha512;
#endif
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t offered_group_id; /* The NamedGroup value for the group
@@ -1138,7 +1140,10 @@
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 522e59e..e9febfd 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -19,7 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -224,8 +224,7 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Status of the implementation of signature-algorithms extension:
@@ -313,8 +312,7 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1054,8 +1052,7 @@
{
const mbedtls_ssl_ciphersuite_t *suite_info;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_pk_type_t sig_type;
#endif
@@ -1115,8 +1112,7 @@
}
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
@@ -1131,8 +1127,7 @@
}
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
@@ -1178,11 +1173,9 @@
/* If there is no signature-algorithm extension present,
* we need to fall back to the default values for allowed
* signature-hash pairs. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
int sig_hash_alg_ext_present = 0;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@@ -1670,8 +1663,7 @@
return( ret );
break;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
@@ -1681,8 +1673,7 @@
sig_hash_alg_ext_present = 1;
break;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1794,8 +1785,7 @@
ext += 4 + ext_size;
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Try to fall back to default hash SHA1 if the client
@@ -1815,8 +1805,7 @@
md_default );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -1956,7 +1945,6 @@
/* Debugging-only output for testsuite */
#if defined(MBEDTLS_DEBUG_C) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
@@ -2794,7 +2782,7 @@
p += ct_len;
sa_len = 0;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
/*
* Add signature_algorithms for verify (TLS 1.2)
*
@@ -2834,7 +2822,6 @@
sa_len += 2;
p += sa_len;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/*
* DistinguishedName certificate_authorities<0..2^16-1>;
@@ -3167,7 +3154,6 @@
mbedtls_md_type_t md_alg;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
@@ -3189,14 +3175,12 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
/*
* 2.2: Compute the hash to be signed
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
@@ -3207,7 +3191,6 @@
return( ret );
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -3218,7 +3201,6 @@
/*
* 2.3: Compute and add the signature
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
/*
@@ -3242,7 +3224,6 @@
ssl->out_msg[ssl->out_msglen++] =
mbedtls_ssl_sig_from_pk_alg( sig_alg );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL )
@@ -3522,7 +3503,6 @@
/*
* Prepare to decrypt the premaster using own private RSA key
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if ( p + 2 > end ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@@ -3533,7 +3513,6 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#endif
if( p + len != end )
{
@@ -4063,9 +4042,7 @@
unsigned char hash[48];
unsigned char *hash_start = hash;
size_t hashlen;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t pk_alg;
-#endif
mbedtls_md_type_t md_alg;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
@@ -4133,7 +4110,6 @@
* opaque signature<0..2^16-1>;
* } DigitallySigned;
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
if( i + 2 > ssl->in_hslen )
@@ -4187,7 +4163,6 @@
i++;
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -4406,4 +4381,4 @@
conf->respect_cli_pref = order;
}
-#endif /* MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae6f635..e80adb1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -334,306 +334,73 @@
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char* seed, size_t seed_length,
- const unsigned char* label, size_t label_length,
- size_t capacity )
-{
- psa_status_t status;
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen );
- status = psa_key_derivation_setup( derivation, alg );
- if( status != PSA_SUCCESS )
- return( status );
+static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id );
- if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
- {
- status = psa_key_derivation_input_bytes( derivation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- seed, seed_length );
- if( status != PSA_SUCCESS )
- return( status );
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
- if( mbedtls_svc_key_id_is_null( key ) )
- {
- status = psa_key_derivation_input_bytes(
- derivation, PSA_KEY_DERIVATION_INPUT_SECRET,
- NULL, 0 );
- }
- else
- {
- status = psa_key_derivation_input_key(
- derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key );
- }
- if( status != PSA_SUCCESS )
- return( status );
+/* Type for the TLS PRF */
+typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
+ const unsigned char *, size_t,
+ unsigned char *, size_t);
- status = psa_key_derivation_input_bytes( derivation,
- PSA_KEY_DERIVATION_INPUT_LABEL,
- label, label_length );
- if( status != PSA_SUCCESS )
- return( status );
- }
- else
- {
- return( PSA_ERROR_NOT_SUPPORTED );
- }
+static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
+ int ciphersuite,
+ const unsigned char master[48],
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac,
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ ssl_tls_prf_t tls_prf,
+ const unsigned char randbytes[64],
+ int minor_ver,
+ unsigned endpoint,
+ const mbedtls_ssl_context *ssl );
- status = psa_key_derivation_set_capacity( derivation, capacity );
- if( status != PSA_SUCCESS )
- return( status );
-
- return( PSA_SUCCESS );
-}
-
-static int tls_prf_generic( mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- psa_status_t status;
- psa_algorithm_t alg;
- mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_derivation_operation_t derivation =
- PSA_KEY_DERIVATION_OPERATION_INIT;
-
- if( md_type == MBEDTLS_MD_SHA384 )
- alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384);
- else
- alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256);
-
- /* Normally a "secret" should be long enough to be impossible to
- * find by brute force, and in particular should not be empty. But
- * this PRF is also used to derive an IV, in particular in EAP-TLS,
- * and for this use case it makes sense to have a 0-length "secret".
- * Since the key API doesn't allow importing a key of length 0,
- * keep master_key=0, which setup_psa_key_derivation() understands
- * to mean a 0-length "secret" input. */
- if( slen != 0 )
- {
- psa_key_attributes_t key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, alg );
- psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
-
- status = psa_import_key( &key_attributes, secret, slen, &master_key );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- status = setup_psa_key_derivation( &derivation,
- master_key, alg,
- random, rlen,
- (unsigned char const *) label,
- (size_t) strlen( label ),
- dlen );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- psa_destroy_key( master_key );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- psa_destroy_key( master_key );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- status = psa_key_derivation_abort( &derivation );
- if( status != PSA_SUCCESS )
- {
- psa_destroy_key( master_key );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- if( ! mbedtls_svc_key_id_is_null( master_key ) )
- status = psa_destroy_key( master_key );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-
- return( 0 );
-}
-
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-static int tls_prf_generic( mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- size_t nb;
- size_t i, j, k, md_len;
- unsigned char *tmp;
- size_t tmp_len = 0;
- unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init( &md_ctx );
-
- if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
- md_len = mbedtls_md_get_size( md_info );
-
- tmp_len = md_len + strlen( label ) + rlen;
- tmp = mbedtls_calloc( 1, tmp_len );
- if( tmp == NULL )
- {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- nb = strlen( label );
- memcpy( tmp + md_len, label, nb );
- memcpy( tmp + md_len + nb, random, rlen );
- nb += rlen;
-
- /*
- * Compute P_<hash>(secret, label + random)[0..dlen]
- */
- if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- goto exit;
-
- ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
- if( ret != 0 )
- goto exit;
-
- for( i = 0; i < dlen; i += md_len )
- {
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
- if( ret != 0 )
- goto exit;
-
- ret = mbedtls_md_hmac_reset ( &md_ctx );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
- if( ret != 0 )
- goto exit;
- ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
- if( ret != 0 )
- goto exit;
-
- k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
-
- for( j = 0; j < k; j++ )
- dstbuf[i + j] = h_i[j];
- }
-
-exit:
- mbedtls_md_free( &md_ctx );
-
- mbedtls_platform_zeroize( tmp, tmp_len );
- mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
-
- mbedtls_free( tmp );
-
- return( ret );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SHA256_C)
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
const char *label,
const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
- label, random, rlen, dstbuf, dlen ) );
-}
+ unsigned char *dstbuf, size_t dlen );
+static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
+static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
+
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
const char *label,
const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen )
-{
- return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
- label, random, rlen, dstbuf, dlen ) );
-}
+ unsigned char *dstbuf, size_t dlen );
+
+static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
+static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
#endif /* MBEDTLS_SHA384_C */
+
+static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len );
+static int ssl_session_load_tls12( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
-#endif
+#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
-static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
-{
- if( ssl->conf->f_psk != NULL )
- {
- /* If we've used a callback to select the PSK,
- * the static configuration is irrelevant. */
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( 1 );
-
- return( 0 );
- }
-
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( 1 );
-
- return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- if( tls_prf == tls_prf_sha384 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA384 );
- }
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( tls_prf == tls_prf_sha256 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA256 );
- }
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- return( MBEDTLS_SSL_TLS_PRF_NONE );
-}
+#endif /* MBEDTLS_SHA384_C */
int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
@@ -664,961 +431,6 @@
return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
}
-/* Type for the TLS PRF */
-typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
- const unsigned char *, size_t,
- unsigned char *, size_t);
-
-/*
- * Populate a transform structure with session keys and all the other
- * necessary information.
- *
- * Parameters:
- * - [in/out]: transform: structure to populate
- * [in] must be just initialised with mbedtls_ssl_transform_init()
- * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf()
- * - [in] ciphersuite
- * - [in] master
- * - [in] encrypt_then_mac
- * - [in] compression
- * - [in] tls_prf: pointer to PRF to use for key derivation
- * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
- * - [in] minor_ver: SSL/TLS minor version
- * - [in] endpoint: client or server
- * - [in] ssl: used for:
- * - ssl->conf->{f,p}_export_keys
- * [in] optionally used for:
- * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
- */
-static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
- int ciphersuite,
- const unsigned char master[48],
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- ssl_tls_prf_t tls_prf,
- const unsigned char randbytes[64],
- int minor_ver,
- unsigned endpoint,
- const mbedtls_ssl_context *ssl )
-{
- int ret = 0;
- unsigned char keyblk[256];
- unsigned char *key1;
- unsigned char *key2;
- unsigned char *mac_enc;
- unsigned char *mac_dec;
- size_t mac_key_len = 0;
- size_t iv_copy_len;
- size_t keylen;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- const mbedtls_cipher_info_t *cipher_info;
- const mbedtls_md_info_t *md_info;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_type_t key_type;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg;
- size_t key_bits;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
-
-#if !defined(MBEDTLS_DEBUG_C) && \
- !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( ssl->f_export_keys == NULL )
- {
- ssl = NULL; /* make sure we don't use it except for these cases */
- (void) ssl;
- }
-#endif
-
- /*
- * Some data just needs copying into the structure
- */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- transform->encrypt_then_mac = encrypt_then_mac;
-#endif
- transform->minor_ver = minor_ver;
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
- {
- /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
- * generation separate. This should never happen. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- /*
- * Get various info structures
- */
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
- if( ciphersuite_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
- ciphersuite ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
- if( cipher_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
- ciphersuite_info->cipher ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
- md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
- if( md_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
- (unsigned) ciphersuite_info->mac ) );
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* Copy own and peer's CID if the use of the CID
- * extension has been negotiated. */
- if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
-
- transform->in_cid_len = ssl->own_cid_len;
- memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
- transform->in_cid_len );
-
- transform->out_cid_len = ssl->handshake->peer_cid_len;
- memcpy( transform->out_cid, ssl->handshake->peer_cid,
- ssl->handshake->peer_cid_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
- transform->out_cid_len );
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /*
- * Compute key block using the PRF
- */
- ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
- mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
-
- /*
- * Determine the appropriate key, IV and MAC length.
- */
-
- keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
-
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
- {
- size_t explicit_ivlen;
-
- transform->maclen = 0;
- mac_key_len = 0;
- transform->taglen =
- ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-
- /* All modes haves 96-bit IVs, but the length of the static parts vary
- * with mode and version:
- * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes
- * (to be concatenated with a dynamically chosen IV of 8 Bytes)
- * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's
- * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record
- * sequence number).
- */
- transform->ivlen = 12;
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
- transform->fixed_ivlen = 12;
- else
- transform->fixed_ivlen = 4;
-
- /* Minimum length of encrypted record */
- explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
- transform->minlen = explicit_ivlen + transform->taglen;
- }
- else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
- {
- /* Initialize HMAC contexts */
- if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
- ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
- goto end;
- }
-
- /* Get MAC length */
- mac_key_len = mbedtls_md_get_size( md_info );
- transform->maclen = mac_key_len;
-
- /* IV length */
- transform->ivlen = cipher_info->iv_size;
-
- /* Minimum length */
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
- transform->minlen = transform->maclen;
- else
- {
- /*
- * GenericBlockCipher:
- * 1. if EtM is in use: one block plus MAC
- * otherwise: * first multiple of blocklen greater than maclen
- * 2. IV
- */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
- {
- transform->minlen = transform->maclen
- + cipher_info->block_size;
- }
- else
-#endif
- {
- transform->minlen = transform->maclen
- + cipher_info->block_size
- - transform->maclen % cipher_info->block_size;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- transform->minlen += transform->ivlen;
- }
- else
-#endif
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto end;
- }
- }
- }
- else
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
- (unsigned) keylen,
- (unsigned) transform->minlen,
- (unsigned) transform->ivlen,
- (unsigned) transform->maclen ) );
-
- /*
- * Finally setup the cipher contexts, IVs and MAC secrets.
- */
-#if defined(MBEDTLS_SSL_CLI_C)
- if( endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- key1 = keyblk + mac_key_len * 2;
- key2 = keyblk + mac_key_len * 2 + keylen;
-
- mac_enc = keyblk;
- mac_dec = keyblk + mac_key_len;
-
- /*
- * This is not used in TLS v1.1.
- */
- iv_copy_len = ( transform->fixed_ivlen ) ?
- transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
- memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
- iv_copy_len );
- }
- else
-#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- key1 = keyblk + mac_key_len * 2 + keylen;
- key2 = keyblk + mac_key_len * 2;
-
- mac_enc = keyblk + mac_key_len;
- mac_dec = keyblk;
-
- /*
- * This is not used in TLS v1.1.
- */
- iv_copy_len = ( transform->fixed_ivlen ) ?
- transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
- memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
- iv_copy_len );
- }
- else
-#endif /* MBEDTLS_SSL_SRV_C */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto end;
- }
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- /* For HMAC-based ciphersuites, initialize the HMAC transforms.
- For AEAD-based ciphersuites, there is nothing to do here. */
- if( mac_key_len != 0 )
- {
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
- if( ret != 0 )
- goto end;
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
- if( ret != 0 )
- goto end;
- }
-#endif
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
- ((void) mac_dec);
- ((void) mac_enc);
-
- if( ssl != NULL && ssl->f_export_keys != NULL )
- {
- ssl->f_export_keys( ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
- master, 48,
- randbytes + 32,
- randbytes,
- tls_prf_get_type( tls_prf ) );
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
- transform->taglen,
- &alg,
- &key_type,
- &key_bits ) ) != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
- goto end;
- }
-
- transform->psa_alg = alg;
-
- if ( alg != MBEDTLS_SSL_NULL_CIPHER )
- {
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- if( ( status = psa_import_key( &attributes,
- key1,
- PSA_BITS_TO_BYTES( key_bits ),
- &transform->psa_key_enc ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status );
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
- goto end;
- }
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
-
- if( ( status = psa_import_key( &attributes,
- key2,
- PSA_BITS_TO_BYTES( key_bits ),
- &transform->psa_key_dec ) ) != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
- goto end;
- }
- }
-#else
- if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
- cipher_info ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
- cipher_info ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
- (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
- MBEDTLS_ENCRYPT ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
- (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
- MBEDTLS_DECRYPT ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- goto end;
- }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
- {
- if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- goto end;
- }
-
- if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- goto end;
- }
- }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-end:
- mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
- return( ret );
-}
-
-/*
- * Set appropriate PRF function and other SSL / TLS1.2 functions
- *
- * Inputs:
- * - SSL/TLS minor version
- * - hash associated with the ciphersuite (only used by TLS 1.2)
- *
- * Outputs:
- * - the tls_prf, calc_verify and calc_finished members of handshake structure
- */
-static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
- int minor_ver,
- mbedtls_md_type_t hash )
-{
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C)
- (void) hash;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- hash == MBEDTLS_MD_SHA384 )
- {
- handshake->tls_prf = tls_prf_sha384;
- handshake->calc_verify = ssl_calc_verify_tls_sha384;
- handshake->calc_finished = ssl_calc_finished_tls_sha384;
- }
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- handshake->tls_prf = tls_prf_sha256;
- handshake->calc_verify = ssl_calc_verify_tls_sha256;
- handshake->calc_finished = ssl_calc_finished_tls_sha256;
- }
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- {
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- return( 0 );
-}
-
-/*
- * Compute master secret if needed
- *
- * Parameters:
- * [in/out] handshake
- * [in] resume, premaster, extended_ms, calc_verify, tls_prf
- * (PSA-PSK) ciphersuite_info, psk_opaque
- * [out] premaster (cleared)
- * [out] master
- * [in] ssl: optionally used for debugging, EMS and PSA-PSK
- * debug: conf->f_dbg, conf->p_dbg
- * EMS: passed to calc_verify (debug + session_negotiate)
- * PSA-PSA: minor_ver, conf
- */
-static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
- unsigned char *master,
- const mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* cf. RFC 5246, Section 8.1:
- * "The master secret is always exactly 48 bytes in length." */
- size_t const master_secret_len = 48;
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned char session_hash[48];
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
- /* The label for the KDF used for key expansion.
- * This is either "master secret" or "extended master secret"
- * depending on whether the Extended Master Secret extension
- * is used. */
- char const *lbl = "master secret";
-
- /* The salt for the KDF used for key expansion.
- * - If the Extended Master Secret extension is not used,
- * this is ClientHello.Random + ServerHello.Random
- * (see Sect. 8.1 in RFC 5246).
- * - If the Extended Master Secret extension is used,
- * this is the transcript of the handshake so far.
- * (see Sect. 4 in RFC 7627). */
- unsigned char const *salt = handshake->randbytes;
- size_t salt_len = 64;
-
-#if !defined(MBEDTLS_DEBUG_C) && \
- !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
- !(defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
- ssl = NULL; /* make sure we don't use it except for those cases */
- (void) ssl;
-#endif
-
- if( handshake->resume != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
- return( 0 );
- }
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
- {
- lbl = "extended master secret";
- salt = session_hash;
- handshake->calc_verify( ssl, session_hash, &salt_len );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret",
- session_hash, salt_len );
- }
-#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- ssl_use_opaque_psk( ssl ) == 1 )
- {
- /* Perform PSK-to-MS expansion in a single step. */
- psa_status_t status;
- psa_algorithm_t alg;
- mbedtls_svc_key_id_t psk;
- psa_key_derivation_operation_t derivation =
- PSA_KEY_DERIVATION_OPERATION_INIT;
- mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
-
- psk = mbedtls_ssl_get_opaque_psk( ssl );
-
- if( hash_alg == MBEDTLS_MD_SHA384 )
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- else
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
-
- status = setup_psa_key_derivation( &derivation, psk, alg,
- salt, salt_len,
- (unsigned char const *) lbl,
- (size_t) strlen( lbl ),
- master_secret_len );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- status = psa_key_derivation_output_bytes( &derivation,
- master,
- master_secret_len );
- if( status != PSA_SUCCESS )
- {
- psa_key_derivation_abort( &derivation );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
- status = psa_key_derivation_abort( &derivation );
- if( status != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
- else
-#endif
- {
- ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
- lbl, salt, salt_len,
- master,
- master_secret_len );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
- }
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret",
- handshake->premaster,
- handshake->pmslen );
-
- mbedtls_platform_zeroize( handshake->premaster,
- sizeof(handshake->premaster) );
- }
-
- return( 0 );
-}
-
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
- ssl->handshake->ciphersuite_info;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
-
- /* Set PRF, calc_verify and calc_finished function pointers */
- ret = ssl_set_handshake_prfs( ssl->handshake,
- ssl->minor_ver,
- ciphersuite_info->mac );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret );
- return( ret );
- }
-
- /* Compute master secret if needed */
- ret = ssl_compute_master( ssl->handshake,
- ssl->session_negotiate->master,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret );
- return( ret );
- }
-
- /* Swap the client and server random values:
- * - MS derivation wanted client+server (RFC 5246 8.1)
- * - key derivation wants server+client (RFC 5246 6.3) */
- {
- unsigned char tmp[64];
- memcpy( tmp, ssl->handshake->randbytes, 64 );
- memcpy( ssl->handshake->randbytes, tmp + 32, 32 );
- memcpy( ssl->handshake->randbytes + 32, tmp, 32 );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- }
-
- /* Populate transform structure */
- ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
- ssl->session_negotiate->ciphersuite,
- ssl->session_negotiate->master,
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl->session_negotiate->encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- ssl->handshake->tls_prf,
- ssl->handshake->randbytes,
- ssl->minor_ver,
- ssl->conf->endpoint,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret );
- return( ret );
- }
-
- /* We no longer need Server/ClientHello.random values */
- mbedtls_platform_zeroize( ssl->handshake->randbytes,
- sizeof( ssl->handshake->randbytes ) );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
-
- return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t hash_size;
- psa_status_t status;
- psa_hash_operation_t sha256_psa = psa_hash_operation_init();
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
- status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
- return;
- }
-
- status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
- return;
- }
-
- *hlen = 32;
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
-#else
- mbedtls_sha256_context sha256;
-
- mbedtls_sha256_init( &sha256 );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
-
- mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
- mbedtls_sha256_finish( &sha256, hash );
-
- *hlen = 32;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
- mbedtls_sha256_free( &sha256 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return;
-}
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA384_C)
-void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t hash_size;
- psa_status_t status;
- psa_hash_operation_t sha384_psa = psa_hash_operation_init();
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
- status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
- return;
- }
-
- status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
- return;
- }
-
- *hlen = 48;
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
-#else
- mbedtls_sha512_context sha512;
-
- mbedtls_sha512_init( &sha512 );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
-
- mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
- mbedtls_sha512_finish( &sha512, hash );
-
- *hlen = 48;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
- mbedtls_sha512_free( &sha512 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return;
-}
-#endif /* MBEDTLS_SHA384_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
-{
- unsigned char *p = ssl->handshake->premaster;
- unsigned char *end = p + sizeof( ssl->handshake->premaster );
- const unsigned char *psk = NULL;
- size_t psk_len = 0;
-
- if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
- == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
- {
- /*
- * This should never happen because the existence of a PSK is always
- * checked before calling this function
- */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /*
- * PMS = struct {
- * opaque other_secret<0..2^16-1>;
- * opaque psk<0..2^16-1>;
- * };
- * with "other_secret" depending on the particular key exchange
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
- {
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
- p += 2;
-
- if( end < p || (size_t)( end - p ) < psk_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- memset( p, 0, psk_len );
- p += psk_len;
- }
- else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
- /*
- * other_secret already set by the ClientKeyExchange message,
- * and is 48 bytes long
- */
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- *p++ = 0;
- *p++ = 48;
- p += 48;
- }
- else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
- {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
-
- /* Write length only when we know the actual value */
- if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- p + 2, end - ( p + 2 ), &len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
- return( ret );
- }
- MBEDTLS_PUT_UINT16_BE( len, p, 0 );
- p += 2 + len;
-
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
- }
- else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t zlen;
-
- if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
- p + 2, end - ( p + 2 ),
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
- return( ret );
- }
-
- MBEDTLS_PUT_UINT16_BE( zlen, p, 0 );
- p += 2 + zlen;
-
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z );
- }
- else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* opaque psk<0..2^16-1>; */
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
- p += 2;
-
- if( end < p || (size_t)( end - p ) < psk_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- memcpy( p, psk, psk_len );
- p += psk_len;
-
- ssl->handshake->pmslen = p - ssl->handshake->premaster;
-
- return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl )
-{
- /* If renegotiation is not enforced, retransmit until we would reach max
- * timeout if we were using the usual handshake doubling scheme */
- if( ssl->conf->renego_max_records < 0 )
- {
- uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
- unsigned char doublings = 1;
-
- while( ratio != 0 )
- {
- ++doublings;
- ratio >>= 1;
- }
-
- if( ++ssl->renego_records_seen > doublings )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
- return( 0 );
- }
- }
-
- return( ssl_write_hello_request( ssl ) );
-}
-#endif
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
-
#if defined(MBEDTLS_X509_CRT_PARSE_C)
static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
{
@@ -1642,803 +454,11 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-/*
- * Handshake functions
- */
-#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/* No certificate support -> dummy functions */
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
-{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
-
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
-{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-/* Some certificate support -> implement write and parse */
-
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t i, n;
- const mbedtls_x509_crt *crt;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
-
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- if( ssl->handshake->client_auth == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- ssl->state++;
- return( 0 );
- }
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( mbedtls_ssl_own_cert( ssl ) == NULL )
- {
- /* Should never happen because we shouldn't have picked the
- * ciphersuite if we don't have a certificate. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- }
-#endif
-
- MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
-
- /*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 6 length of all certs
- * 7 . 9 length of cert. 1
- * 10 . n-1 peer certificate
- * n . n+2 length of cert. 2
- * n+3 . ... upper level cert, etc.
- */
- i = 7;
- crt = mbedtls_ssl_own_cert( ssl );
-
- while( crt != NULL )
- {
- n = crt->raw.len;
- if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
- " > %" MBEDTLS_PRINTF_SIZET,
- i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- }
-
- ssl->out_msg[i ] = MBEDTLS_BYTE_2( n );
- ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n );
- ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n );
-
- i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
- i += n; crt = crt->next;
- }
-
- ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 );
- ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 );
- ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 );
-
- ssl->out_msglen = i;
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
-
- ssl->state++;
-
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
-
- return( ret );
-}
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
-
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
- unsigned char *crt_buf,
- size_t crt_buf_len )
-{
- mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
-
- if( peer_crt == NULL )
- return( -1 );
-
- if( peer_crt->raw.len != crt_buf_len )
- return( -1 );
-
- return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) );
-}
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
- unsigned char *crt_buf,
- size_t crt_buf_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char const * const peer_cert_digest =
- ssl->session->peer_cert_digest;
- mbedtls_md_type_t const peer_cert_digest_type =
- ssl->session->peer_cert_digest_type;
- mbedtls_md_info_t const * const digest_info =
- mbedtls_md_info_from_type( peer_cert_digest_type );
- unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
- size_t digest_len;
-
- if( peer_cert_digest == NULL || digest_info == NULL )
- return( -1 );
-
- digest_len = mbedtls_md_get_size( digest_info );
- if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
- return( -1 );
-
- ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
- if( ret != 0 )
- return( -1 );
-
- return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
-}
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
-
-/*
- * Once the certificate message is read, parse it into a cert chain and
- * perform basic checks, but leave actual verification to the caller
- */
-static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *chain )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- int crt_cnt=0;
-#endif
- size_t i, n;
- uint8_t alert;
-
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
- }
-
- if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- i = mbedtls_ssl_hs_hdr_len( ssl );
-
- /*
- * Same message structure as in mbedtls_ssl_write_certificate()
- */
- n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
-
- if( ssl->in_msg[i] != 0 ||
- ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
- i += 3;
-
- /* Iterate through and parse the CRTs in the provided chain. */
- while( i < ssl->in_hslen )
- {
- /* Check that there's room for the next CRT's length fields. */
- if ( i + 3 > ssl->in_hslen ) {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
- /* In theory, the CRT can be up to 2**24 Bytes, but we don't support
- * anything beyond 2**16 ~ 64K. */
- if( ssl->in_msg[i] != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT );
- return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
- }
-
- /* Read length of the next CRT in the chain. */
- n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
- | (unsigned int) ssl->in_msg[i + 2];
- i += 3;
-
- if( n < 128 || i + n > ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- /* Check if we're handling the first CRT in the chain. */
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- if( crt_cnt++ == 0 &&
- ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- /* During client-side renegotiation, check that the server's
- * end-CRTs hasn't changed compared to the initial handshake,
- * mitigating the triple handshake attack. On success, reuse
- * the original end-CRT instead of parsing it again. */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
- if( ssl_check_peer_crt_unchanged( ssl,
- &ssl->in_msg[i],
- n ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
- return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
- }
-
- /* Now we can safely free the original chain. */
- ssl_clear_peer_cert( ssl->session );
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
-
- /* Parse the next certificate in the chain. */
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
-#else
- /* If we don't need to store the CRT chain permanently, parse
- * it in-place from the input buffer instead of making a copy. */
- ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- switch( ret )
- {
- case 0: /*ok*/
- case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
- /* Ignore certificate with an unknown algorithm: maybe a
- prior certificate was already trusted. */
- break;
-
- case MBEDTLS_ERR_X509_ALLOC_FAILED:
- alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
- goto crt_parse_der_failed;
-
- case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- goto crt_parse_der_failed;
-
- default:
- alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- crt_parse_der_failed:
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
- MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
- return( ret );
- }
-
- i += n;
- }
-
- MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain );
- return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
-{
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- return( -1 );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
- ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
- memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
- return( 0 );
- }
-
- return( -1 );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-/* Check if a certificate message is expected.
- * Return either
- * - SSL_CERTIFICATE_EXPECTED, or
- * - SSL_CERTIFICATE_SKIP
- * indicating whether a Certificate message is expected or not.
- */
-#define SSL_CERTIFICATE_EXPECTED 0
-#define SSL_CERTIFICATE_SKIP 1
-static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
- int authmode )
-{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
-
- if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
- return( SSL_CERTIFICATE_SKIP );
-
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- return( SSL_CERTIFICATE_SKIP );
-
- if( authmode == MBEDTLS_SSL_VERIFY_NONE )
- {
- ssl->session_negotiate->verify_result =
- MBEDTLS_X509_BADCERT_SKIP_VERIFY;
- return( SSL_CERTIFICATE_SKIP );
- }
- }
-#else
- ((void) authmode);
-#endif /* MBEDTLS_SSL_SRV_C */
-
- return( SSL_CERTIFICATE_EXPECTED );
-}
-
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
- int authmode,
- mbedtls_x509_crt *chain,
- void *rs_ctx )
-{
- int ret = 0;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
- int have_ca_chain = 0;
-
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy;
-
- if( authmode == MBEDTLS_SSL_VERIFY_NONE )
- return( 0 );
-
- if( ssl->f_vrfy != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) );
- f_vrfy = ssl->f_vrfy;
- p_vrfy = ssl->p_vrfy;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) );
- f_vrfy = ssl->conf->f_vrfy;
- p_vrfy = ssl->conf->p_vrfy;
- }
-
- /*
- * Main check: verify certificate
- */
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- if( ssl->conf->f_ca_cb != NULL )
- {
- ((void) rs_ctx);
- have_ca_chain = 1;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) );
- ret = mbedtls_x509_crt_verify_with_ca_cb(
- chain,
- ssl->conf->f_ca_cb,
- ssl->conf->p_ca_cb,
- ssl->conf->cert_profile,
- ssl->hostname,
- &ssl->session_negotiate->verify_result,
- f_vrfy, p_vrfy );
- }
- else
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
- {
- mbedtls_x509_crt *ca_chain;
- mbedtls_x509_crl *ca_crl;
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_ca_chain != NULL )
- {
- ca_chain = ssl->handshake->sni_ca_chain;
- ca_crl = ssl->handshake->sni_ca_crl;
- }
- else
-#endif
- {
- ca_chain = ssl->conf->ca_chain;
- ca_crl = ssl->conf->ca_crl;
- }
-
- if( ca_chain != NULL )
- have_ca_chain = 1;
-
- ret = mbedtls_x509_crt_verify_restartable(
- chain,
- ca_chain, ca_crl,
- ssl->conf->cert_profile,
- ssl->hostname,
- &ssl->session_negotiate->verify_result,
- f_vrfy, p_vrfy, rs_ctx );
- }
-
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
- }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
-#endif
-
- /*
- * Secondary checks: always done, but change 'ret' only if it was 0
- */
-
-#if defined(MBEDTLS_ECP_C)
- {
- const mbedtls_pk_context *pk = &chain->pk;
-
- /* If certificate uses an EC key, make sure the curve is OK */
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
- mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
- {
- ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
- if( ret == 0 )
- ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
- }
- }
-#endif /* MBEDTLS_ECP_C */
-
- if( mbedtls_ssl_check_cert_usage( chain,
- ciphersuite_info,
- ! ssl->conf->endpoint,
- &ssl->session_negotiate->verify_result ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
- if( ret == 0 )
- ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
- }
-
- /* mbedtls_x509_crt_verify_with_profile is supposed to report a
- * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
- * with details encoded in the verification flags. All other kinds
- * of error codes, including those from the user provided f_vrfy
- * functions, are treated as fatal and lead to a failure of
- * ssl_parse_certificate even if verification was optional. */
- if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
- ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
- ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) )
- {
- ret = 0;
- }
-
- if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
- ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
- }
-
- if( ret != 0 )
- {
- uint8_t alert;
-
- /* The certificate may have been rejected for several reasons.
- Pick one and send the corresponding alert. Which alert to send
- may be a subject of debate in some cases. */
- if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
- alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
- alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
- alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
- alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
- alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
- else
- alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- alert );
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- if( ssl->session_negotiate->verify_result != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
- (unsigned int) ssl->session_negotiate->verify_result ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
- }
-#endif /* MBEDTLS_DEBUG_C */
-
- return( ret );
-}
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
- unsigned char *start, size_t len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- /* Remember digest of the peer's end-CRT. */
- ssl->session_negotiate->peer_cert_digest =
- mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
- if( ssl->session_negotiate->peer_cert_digest == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
-
- ret = mbedtls_md( mbedtls_md_info_from_type(
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
- start, len,
- ssl->session_negotiate->peer_cert_digest );
-
- ssl->session_negotiate->peer_cert_digest_type =
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
- ssl->session_negotiate->peer_cert_digest_len =
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
-
- return( ret );
-}
-
-static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
- unsigned char *start, size_t len )
-{
- unsigned char *end = start + len;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* Make a copy of the peer's raw public key. */
- mbedtls_pk_init( &ssl->handshake->peer_pubkey );
- ret = mbedtls_pk_parse_subpubkey( &start, end,
- &ssl->handshake->peer_pubkey );
- if( ret != 0 )
- {
- /* We should have parsed the public key before. */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- return( 0 );
-}
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
-{
- int ret = 0;
- int crt_expected;
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
- ? ssl->handshake->sni_authmode
- : ssl->conf->authmode;
-#else
- const int authmode = ssl->conf->authmode;
-#endif
- void *rs_ctx = NULL;
- mbedtls_x509_crt *chain = NULL;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-
- crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
- if( crt_expected == SSL_CERTIFICATE_SKIP )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- goto exit;
- }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled &&
- ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
- {
- chain = ssl->handshake->ecrs_peer_cert;
- ssl->handshake->ecrs_peer_cert = NULL;
- goto crt_verify;
- }
-#endif
-
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- /* mbedtls_ssl_read_record may have sent an alert already. We
- let it decide whether to alert. */
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- goto exit;
- }
-
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 )
- {
- ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
-
- if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL )
- ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
-
- goto exit;
- }
-#endif /* MBEDTLS_SSL_SRV_C */
-
- /* Clear existing peer CRT structure in case we tried to
- * reuse a session but it failed, and allocate a new one. */
- ssl_clear_peer_cert( ssl->session_negotiate );
-
- chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
- if( chain == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
- sizeof( mbedtls_x509_crt ) ) );
- mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
- mbedtls_x509_crt_init( chain );
-
- ret = ssl_parse_certificate_chain( ssl, chain );
- if( ret != 0 )
- goto exit;
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ssl->handshake->ecrs_enabled)
- ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
-
-crt_verify:
- if( ssl->handshake->ecrs_enabled)
- rs_ctx = &ssl->handshake->ecrs_ctx;
-#endif
-
- ret = ssl_parse_certificate_verify( ssl, authmode,
- chain, rs_ctx );
- if( ret != 0 )
- goto exit;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- {
- unsigned char *crt_start, *pk_start;
- size_t crt_len, pk_len;
-
- /* We parse the CRT chain without copying, so
- * these pointers point into the input buffer,
- * and are hence still valid after freeing the
- * CRT chain. */
-
- crt_start = chain->raw.p;
- crt_len = chain->raw.len;
-
- pk_start = chain->pk_raw.p;
- pk_len = chain->pk_raw.len;
-
- /* Free the CRT structures before computing
- * digest and copying the peer's public key. */
- mbedtls_x509_crt_free( chain );
- mbedtls_free( chain );
- chain = NULL;
-
- ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len );
- if( ret != 0 )
- goto exit;
-
- ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len );
- if( ret != 0 )
- goto exit;
- }
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- /* Pass ownership to session structure. */
- ssl->session_negotiate->peer_cert = chain;
- chain = NULL;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
-
-exit:
-
- if( ret == 0 )
- ssl->state++;
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
- {
- ssl->handshake->ecrs_peer_cert = chain;
- chain = NULL;
- }
-#endif
-
- if( chain != NULL )
- {
- mbedtls_x509_crt_free( chain );
- mbedtls_free( chain );
- }
-
- return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
{
((void) ciphersuite_info);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA384_C)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
@@ -2449,7 +469,6 @@
ssl->handshake->update_checksum = ssl_update_checksum_sha256;
else
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return;
@@ -2458,7 +477,7 @@
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ ((void) ssl);
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &ssl->handshake->fin_sha256_psa );
@@ -2475,13 +494,11 @@
mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
#endif
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
@@ -2496,10 +513,8 @@
mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
@@ -2523,451 +538,11 @@
#endif
}
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-static void ssl_calc_finished_tls_sha256(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
- int len = 12;
- const char *sender;
- unsigned char padbuf[32];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t hash_size;
- psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
- psa_status_t status;
-#else
- mbedtls_sha256_context sha256;
-#endif
-
- mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
- session = ssl->session;
-
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
- ? "client finished"
- : "server finished";
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- sha256_psa = psa_hash_operation_init();
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
-
- status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
- return;
- }
-
- status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
- return;
- }
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
-#else
-
- mbedtls_sha256_init( &sha256 );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
-
- mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
-
- /*
- * TLSv1.2:
- * hash = PRF( master, finished_label,
- * Hash( handshake ) )[0.11]
- */
-
-#if !defined(MBEDTLS_SHA256_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
- sha256.state, sizeof( sha256.state ) );
-#endif
-
- mbedtls_sha256_finish( &sha256, padbuf );
- mbedtls_sha256_free( &sha256 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- ssl->handshake->tls_prf( session->master, 48, sender,
- padbuf, 32, buf, len );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
-}
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA384_C)
-
-static void ssl_calc_finished_tls_sha384(
- mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
- int len = 12;
- const char *sender;
- unsigned char padbuf[48];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t hash_size;
- psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
- psa_status_t status;
-#else
- mbedtls_sha512_context sha512;
-#endif
-
- mbedtls_ssl_session *session = ssl->session_negotiate;
- if( !session )
- session = ssl->session;
-
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
- ? "client finished"
- : "server finished";
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- sha384_psa = psa_hash_operation_init();
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
-
- status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
- return;
- }
-
- status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
- if( status != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
- return;
- }
- MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
-#else
- mbedtls_sha512_init( &sha512 );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
-
- mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
-
- /*
- * TLSv1.2:
- * hash = PRF( master, finished_label,
- * Hash( handshake ) )[0.11]
- */
-
-#if !defined(MBEDTLS_SHA512_ALT)
- MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
- sha512.state, sizeof( sha512.state ) );
-#endif
- mbedtls_sha512_finish( &sha512, padbuf );
-
- mbedtls_sha512_free( &sha512 );
-#endif
-
- ssl->handshake->tls_prf( session->master, 48, sender,
- padbuf, 48, buf, len );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
- mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
-}
-#endif /* MBEDTLS_SHA384_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
-{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
-
- /*
- * Free our handshake params
- */
- mbedtls_ssl_handshake_free( ssl );
- mbedtls_free( ssl->handshake );
- ssl->handshake = NULL;
-
- /*
- * Free the previous transform and swith in the current one
- */
- if( ssl->transform )
- {
- mbedtls_ssl_transform_free( ssl->transform );
- mbedtls_free( ssl->transform );
- }
- ssl->transform = ssl->transform_negotiate;
- ssl->transform_negotiate = NULL;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
-}
-
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
-{
- int resume = ssl->handshake->resume;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
- ssl->renego_records_seen = 0;
- }
-#endif
-
- /*
- * Free the previous session and switch in the current one
- */
- if( ssl->session )
- {
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- /* RFC 7366 3.1: keep the EtM state */
- ssl->session_negotiate->encrypt_then_mac =
- ssl->session->encrypt_then_mac;
-#endif
-
- mbedtls_ssl_session_free( ssl->session );
- mbedtls_free( ssl->session );
- }
- ssl->session = ssl->session_negotiate;
- ssl->session_negotiate = NULL;
-
- /*
- * Add cache entry
- */
- if( ssl->conf->f_set_cache != NULL &&
- ssl->session->id_len != 0 &&
- resume == 0 )
- {
- if( ssl->conf->f_set_cache( ssl->conf->p_cache,
- ssl->session->id,
- ssl->session->id_len,
- ssl->session ) != 0 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->flight != NULL )
- {
- /* Cancel handshake timer */
- mbedtls_ssl_set_timer( ssl, 0 );
-
- /* Keep last flight around in case we need to resend it:
- * we need the handshake and transform structures for that */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
- }
- else
-#endif
- mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
-
- ssl->state++;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
-}
-
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
-{
- int ret, hash_len;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
-
- mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate );
-
- ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
-
- /*
- * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
- * may define some other value. Currently (early 2016), no defined
- * ciphersuite does this (and this is unlikely to change as activity has
- * moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
- */
- hash_len = 12;
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->verify_data_len = hash_len;
- memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
-#endif
-
- ssl->out_msglen = 4 + hash_len;
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
-
- /*
- * In case of session resuming, invert the client and server
- * ChangeCipherSpec messages order.
- */
- if( ssl->handshake->resume != 0 )
- {
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
-#endif
- }
- else
- ssl->state++;
-
- /*
- * Switch to our negotiated transform and session parameters for outbound
- * data.
- */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- unsigned char i;
-
- /* Remember current epoch settings for resending */
- ssl->handshake->alt_transform_out = ssl->transform_out;
- memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
- sizeof( ssl->handshake->alt_out_ctr ) );
-
- /* Set sequence_number to zero */
- memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 );
-
-
- /* Increment epoch */
- for( i = 2; i > 0; i-- )
- if( ++ssl->cur_out_ctr[i - 1] != 0 )
- break;
-
- /* The loop goes to its end iff the counter is wrapping */
- if( i == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
- }
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
-
- ssl->transform_out = ssl->transform_negotiate;
- ssl->session_out = ssl->session_negotiate;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_send_flight_completed( ssl );
-#endif
-
- if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
- return( ret );
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
- return( ret );
- }
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
-
- return( 0 );
-}
-
-#define SSL_MAX_HASH_LEN 12
-
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned int hash_len = 12;
- unsigned char buf[SSL_MAX_HASH_LEN];
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
-
- ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
-
- if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- goto exit;
- }
-
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- goto exit;
- }
-
- if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
- ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- goto exit;
- }
-
- if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- ret = MBEDTLS_ERR_SSL_DECODE_ERROR;
- goto exit;
- }
-
- if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
- buf, hash_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
- ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- goto exit;
- }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->verify_data_len = hash_len;
- memcpy( ssl->peer_verify_data, buf, hash_len );
-#endif
-
- if( ssl->handshake->resume != 0 )
- {
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-#endif
- }
- else
- ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- mbedtls_ssl_recv_flight_completed( ssl );
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
-
-exit:
- mbedtls_platform_zeroize( buf, hash_len );
- return( ret );
-}
static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
{
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha256_psa = psa_hash_operation_init();
@@ -2986,7 +561,6 @@
mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
#endif
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
handshake->update_checksum = ssl_update_checksum_start;
@@ -4959,177 +2533,6 @@
*
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-/* Serialization of TLS 1.2 sessions:
- *
- * struct {
- * uint64 start_time;
- * uint8 ciphersuite[2]; // defined by the standard
- * uint8 compression; // 0 or 1
- * uint8 session_id_len; // at most 32
- * opaque session_id[32];
- * opaque master[48]; // fixed length in the standard
- * uint32 verify_result;
- * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
- * opaque ticket<0..2^24-1>; // length 0 means no ticket
- * uint32 ticket_lifetime;
- * uint8 mfl_code; // up to 255 according to standard
- * uint8 encrypt_then_mac; // 0 or 1
- * } serialized_session_tls12;
- *
- */
-static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len )
-{
- unsigned char *p = buf;
- size_t used = 0;
-
-#if defined(MBEDTLS_HAVE_TIME)
- uint64_t start;
-#endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- size_t cert_len;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- /*
- * Time
- */
-#if defined(MBEDTLS_HAVE_TIME)
- used += 8;
-
- if( used <= buf_len )
- {
- start = (uint64_t) session->start;
-
- MBEDTLS_PUT_UINT64_BE( start, p, 0 );
- p += 8;
- }
-#endif /* MBEDTLS_HAVE_TIME */
-
- /*
- * Basic mandatory fields
- */
- used += 2 /* ciphersuite */
- + 1 /* compression */
- + 1 /* id_len */
- + sizeof( session->id )
- + sizeof( session->master )
- + 4; /* verify_result */
-
- if( used <= buf_len )
- {
- MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
- p += 2;
-
- *p++ = MBEDTLS_BYTE_0( session->compression );
-
- *p++ = MBEDTLS_BYTE_0( session->id_len );
- memcpy( p, session->id, 32 );
- p += 32;
-
- memcpy( p, session->master, 48 );
- p += 48;
-
- MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 );
- p += 4;
- }
-
- /*
- * Peer's end-entity certificate
- */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- if( session->peer_cert == NULL )
- cert_len = 0;
- else
- cert_len = session->peer_cert->raw.len;
-
- used += 3 + cert_len;
-
- if( used <= buf_len )
- {
- *p++ = MBEDTLS_BYTE_2( cert_len );
- *p++ = MBEDTLS_BYTE_1( cert_len );
- *p++ = MBEDTLS_BYTE_0( cert_len );
-
- if( session->peer_cert != NULL )
- {
- memcpy( p, session->peer_cert->raw.p, cert_len );
- p += cert_len;
- }
- }
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( session->peer_cert_digest != NULL )
- {
- used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len;
- if( used <= buf_len )
- {
- *p++ = (unsigned char) session->peer_cert_digest_type;
- *p++ = (unsigned char) session->peer_cert_digest_len;
- memcpy( p, session->peer_cert_digest,
- session->peer_cert_digest_len );
- p += session->peer_cert_digest_len;
- }
- }
- else
- {
- used += 2;
- if( used <= buf_len )
- {
- *p++ = (unsigned char) MBEDTLS_MD_NONE;
- *p++ = 0;
- }
- }
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- /*
- * Session ticket if any, plus associated data
- */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
-
- if( used <= buf_len )
- {
- *p++ = MBEDTLS_BYTE_2( session->ticket_len );
- *p++ = MBEDTLS_BYTE_1( session->ticket_len );
- *p++ = MBEDTLS_BYTE_0( session->ticket_len );
-
- if( session->ticket != NULL )
- {
- memcpy( p, session->ticket, session->ticket_len );
- p += session->ticket_len;
- }
-
- MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
- p += 4;
- }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
- /*
- * Misc extension-related info
- */
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- used += 1;
-
- if( used <= buf_len )
- *p++ = session->mfl_code;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- used += 1;
-
- if( used <= buf_len )
- *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac );
-#endif
-
- return( used );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
static int ssl_session_save( const mbedtls_ssl_session *session,
unsigned char omit_header,
unsigned char *buf,
@@ -5204,205 +2607,6 @@
* This internal version is wrapped by a public function that cleans up in
* case of error, and has an extra option omit_header.
*/
-static int ssl_session_load_tls12( mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len )
-{
-#if defined(MBEDTLS_HAVE_TIME)
- uint64_t start;
-#endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- size_t cert_len;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- const unsigned char *p = buf;
- const unsigned char * const end = buf + len;
-
- /*
- * Time
- */
-#if defined(MBEDTLS_HAVE_TIME)
- if( 8 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- start = ( (uint64_t) p[0] << 56 ) |
- ( (uint64_t) p[1] << 48 ) |
- ( (uint64_t) p[2] << 40 ) |
- ( (uint64_t) p[3] << 32 ) |
- ( (uint64_t) p[4] << 24 ) |
- ( (uint64_t) p[5] << 16 ) |
- ( (uint64_t) p[6] << 8 ) |
- ( (uint64_t) p[7] );
- p += 8;
-
- session->start = (time_t) start;
-#endif /* MBEDTLS_HAVE_TIME */
-
- /*
- * Basic mandatory fields
- */
- if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->ciphersuite = ( p[0] << 8 ) | p[1];
- p += 2;
-
- session->compression = *p++;
-
- session->id_len = *p++;
- memcpy( session->id, p, 32 );
- p += 32;
-
- memcpy( session->master, p, 48 );
- p += 48;
-
- session->verify_result = ( (uint32_t) p[0] << 24 ) |
- ( (uint32_t) p[1] << 16 ) |
- ( (uint32_t) p[2] << 8 ) |
- ( (uint32_t) p[3] );
- p += 4;
-
- /* Immediately clear invalid pointer values that have been read, in case
- * we exit early before we replaced them with valid ones. */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- session->peer_cert = NULL;
-#else
- session->peer_cert_digest = NULL;
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- session->ticket = NULL;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
- /*
- * Peer certificate
- */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* Deserialize CRT from the end of the ticket. */
- if( 3 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
- p += 3;
-
- if( cert_len != 0 )
- {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if( cert_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
-
- if( session->peer_cert == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- mbedtls_x509_crt_init( session->peer_cert );
-
- if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
- p, cert_len ) ) != 0 )
- {
- mbedtls_x509_crt_free( session->peer_cert );
- mbedtls_free( session->peer_cert );
- session->peer_cert = NULL;
- return( ret );
- }
-
- p += cert_len;
- }
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- /* Deserialize CRT digest from the end of the ticket. */
- if( 2 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->peer_cert_digest_type = (mbedtls_md_type_t) *p++;
- session->peer_cert_digest_len = (size_t) *p++;
-
- if( session->peer_cert_digest_len != 0 )
- {
- const mbedtls_md_info_t *md_info =
- mbedtls_md_info_from_type( session->peer_cert_digest_type );
- if( md_info == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( session->peer_cert_digest_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->peer_cert_digest =
- mbedtls_calloc( 1, session->peer_cert_digest_len );
- if( session->peer_cert_digest == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- memcpy( session->peer_cert_digest, p,
- session->peer_cert_digest_len );
- p += session->peer_cert_digest_len;
- }
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- /*
- * Session ticket and associated data
- */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- if( 3 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
- p += 3;
-
- if( session->ticket_len != 0 )
- {
- if( session->ticket_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->ticket = mbedtls_calloc( 1, session->ticket_len );
- if( session->ticket == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- memcpy( session->ticket, p, session->ticket_len );
- p += session->ticket_len;
- }
-
- if( 4 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) |
- ( (uint32_t) p[1] << 16 ) |
- ( (uint32_t) p[2] << 8 ) |
- ( (uint32_t) p[3] );
- p += 4;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
- /*
- * Misc extension-related info
- */
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->mfl_code = *p++;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->encrypt_then_mac = *p++;
-#endif
-
- /* Done, should have consumed entire buffer */
- if( p != end )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- return( 0 );
-}
-
static int ssl_session_load( mbedtls_ssl_session *session,
unsigned char omit_header,
const unsigned char *buf,
@@ -5772,7 +2976,6 @@
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &handshake->fin_sha256_psa );
@@ -5787,7 +2990,6 @@
mbedtls_sha512_free( &handshake->fin_sha512 );
#endif
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_free( &handshake->dhm_ctx );
@@ -6203,28 +3405,6 @@
}
/*
- * Helper to get TLS 1.2 PRF from ciphersuite
- * (Duplicates bits of logic from ssl_set_handshake_prfs().)
- */
-typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen );
-static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
-{
-#if defined(MBEDTLS_SHA384_C)
- const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
-
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- return( tls_prf_sha384 );
-#else
- (void) ciphersuite_id;
-#endif
- return( tls_prf_sha256 );
-}
-
-/*
* Deserialize context, see mbedtls_ssl_context_save() for format.
*
* This internal version is wrapped by a public function that cleans up in
@@ -6328,7 +3508,7 @@
/* Read random bytes and populate structure */
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
ret = ssl_tls12_populate_transform( ssl->transform,
ssl->session->ciphersuite,
ssl->session->master,
@@ -6344,7 +3524,7 @@
ssl );
if( ret != 0 )
return( ret );
-
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
p += sizeof( ssl->transform->randbytes );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -6933,7 +4113,12 @@
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /* Hybrid TLS 1.2/1.3 is not supported yet */
+ conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+#else
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
@@ -6972,7 +4157,12 @@
MBEDTLS_SSL_MIN_MINOR_VERSION :
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /* Hybrid TLS 1.2/1.3 is not supported yet */
+ conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+#else
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
@@ -7093,57 +4283,6 @@
}
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg )
-{
- switch( sig_alg )
- {
- case MBEDTLS_PK_RSA:
- return( set->rsa );
- case MBEDTLS_PK_ECDSA:
- return( set->ecdsa );
- default:
- return( MBEDTLS_MD_NONE );
- }
-}
-
-/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_pk_type_t sig_alg,
- mbedtls_md_type_t md_alg )
-{
- switch( sig_alg )
- {
- case MBEDTLS_PK_RSA:
- if( set->rsa == MBEDTLS_MD_NONE )
- set->rsa = md_alg;
- break;
-
- case MBEDTLS_PK_ECDSA:
- if( set->ecdsa == MBEDTLS_MD_NONE )
- set->ecdsa = md_alg;
- break;
-
- default:
- break;
- }
-}
-
-/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
- mbedtls_md_type_t md_alg )
-{
- set->rsa = md_alg;
- set->ecdsa = md_alg;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
/*
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
*/
@@ -7352,131 +4491,6 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg )
-{
- psa_status_t status;
- psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
-
- if( ( status = psa_hash_setup( &hash_operation,
- hash_alg ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
- goto exit;
- }
-
- if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
- 64 ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
- goto exit;
- }
-
- if( ( status = psa_hash_update( &hash_operation,
- data, data_len ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
- goto exit;
- }
-
- if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
- hashlen ) ) != PSA_SUCCESS )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
- goto exit;
- }
-
-exit:
- if( status != PSA_SUCCESS )
- {
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- switch( status )
- {
- case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
- case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
- default:
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
- }
- }
- return( 0 );
-}
-
-#else
-
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg )
-{
- int ret = 0;
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- *hashlen = mbedtls_md_get_size( md_info );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
-
- mbedtls_md_init( &ctx );
-
- /*
- * digitally-signed struct {
- * opaque client_random[32];
- * opaque server_random[32];
- * ServerDHParams params;
- * };
- */
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
- goto exit;
- }
- if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
- goto exit;
- }
-
-exit:
- mbedtls_md_free( &ctx );
-
- if( ret != 0 )
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
- return( ret );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md,
@@ -7837,4 +4851,3086 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t hostname_len;
+
+ *olen = 0;
+
+ if( ssl->hostname == NULL )
+ return( 0 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding server name extension: %s",
+ ssl->hostname ) );
+
+ hostname_len = strlen( ssl->hostname );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
+
+ /*
+ * Sect. 3, RFC 6066 (TLS Extensions Definitions)
+ *
+ * In order to provide any of the server names, clients MAY include an
+ * extension of type "server_name" in the (extended) client hello. The
+ * "extension_data" field of this extension SHALL contain
+ * "ServerNameList" where:
+ *
+ * struct {
+ * NameType name_type;
+ * select (name_type) {
+ * case host_name: HostName;
+ * } name;
+ * } ServerName;
+ *
+ * enum {
+ * host_name(0), (255)
+ * } NameType;
+ *
+ * opaque HostName<1..2^16-1>;
+ *
+ * struct {
+ * ServerName server_name_list<1..2^16-1>
+ * } ServerNameList;
+ *
+ */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
+ p += 2;
+
+ MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
+ p += 2;
+
+ MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
+ p += 2;
+
+ *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
+
+ MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
+ p += 2;
+
+ memcpy( p, ssl->hostname, hostname_len );
+
+ *olen = hostname_len + 9;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const unsigned char* seed, size_t seed_length,
+ const unsigned char* label, size_t label_length,
+ size_t capacity )
+{
+ psa_status_t status;
+
+ status = psa_key_derivation_setup( derivation, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+ {
+ status = psa_key_derivation_input_bytes( derivation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ seed, seed_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( mbedtls_svc_key_id_is_null( key ) )
+ {
+ status = psa_key_derivation_input_bytes(
+ derivation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ NULL, 0 );
+ }
+ else
+ {
+ status = psa_key_derivation_input_key(
+ derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key );
+ }
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_key_derivation_input_bytes( derivation,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ label, label_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+ else
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ status = psa_key_derivation_set_capacity( derivation, capacity );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ return( PSA_SUCCESS );
+}
+
+static int tls_prf_generic( mbedtls_md_type_t md_type,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ psa_status_t status;
+ psa_algorithm_t alg;
+ mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_derivation_operation_t derivation =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if( md_type == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384);
+ else
+ alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256);
+
+ /* Normally a "secret" should be long enough to be impossible to
+ * find by brute force, and in particular should not be empty. But
+ * this PRF is also used to derive an IV, in particular in EAP-TLS,
+ * and for this use case it makes sense to have a 0-length "secret".
+ * Since the key API doesn't allow importing a key of length 0,
+ * keep master_key=0, which setup_psa_key_derivation() understands
+ * to mean a 0-length "secret" input. */
+ if( slen != 0 )
+ {
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, alg );
+ psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+
+ status = psa_import_key( &key_attributes, secret, slen, &master_key );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = setup_psa_key_derivation( &derivation,
+ master_key, alg,
+ random, rlen,
+ (unsigned char const *) label,
+ (size_t) strlen( label ),
+ dlen );
+ if( status != PSA_SUCCESS )
+ {
+ psa_key_derivation_abort( &derivation );
+ psa_destroy_key( master_key );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen );
+ if( status != PSA_SUCCESS )
+ {
+ psa_key_derivation_abort( &derivation );
+ psa_destroy_key( master_key );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_key_derivation_abort( &derivation );
+ if( status != PSA_SUCCESS )
+ {
+ psa_destroy_key( master_key );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ if( ! mbedtls_svc_key_id_is_null( master_key ) )
+ status = psa_destroy_key( master_key );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ return( 0 );
+}
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
+static int tls_prf_generic( mbedtls_md_type_t md_type,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ size_t nb;
+ size_t i, j, k, md_len;
+ unsigned char *tmp;
+ size_t tmp_len = 0;
+ unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info;
+ mbedtls_md_context_t md_ctx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_md_init( &md_ctx );
+
+ if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ md_len = mbedtls_md_get_size( md_info );
+
+ tmp_len = md_len + strlen( label ) + rlen;
+ tmp = mbedtls_calloc( 1, tmp_len );
+ if( tmp == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+
+ nb = strlen( label );
+ memcpy( tmp + md_len, label, nb );
+ memcpy( tmp + md_len + nb, random, rlen );
+ nb += rlen;
+
+ /*
+ * Compute P_<hash>(secret, label + random)[0..dlen]
+ */
+ if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+ goto exit;
+
+ ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
+ if( ret != 0 )
+ goto exit;
+
+ for( i = 0; i < dlen; i += md_len )
+ {
+ ret = mbedtls_md_hmac_reset ( &md_ctx );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
+ if( ret != 0 )
+ goto exit;
+
+ ret = mbedtls_md_hmac_reset ( &md_ctx );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
+ if( ret != 0 )
+ goto exit;
+
+ k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
+
+ for( j = 0; j < k; j++ )
+ dstbuf[i + j] = h_i[j];
+ }
+
+exit:
+ mbedtls_md_free( &md_ctx );
+
+ mbedtls_platform_zeroize( tmp, tmp_len );
+ mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
+
+ mbedtls_free( tmp );
+
+ return( ret );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SHA256_C)
+static int tls_prf_sha256( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
+ label, random, rlen, dstbuf, dlen ) );
+}
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+static int tls_prf_sha384( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
+ label, random, rlen, dstbuf, dlen ) );
+}
+#endif /* MBEDTLS_SHA384_C */
+
+/*
+ * Set appropriate PRF function and other SSL / TLS1.2 functions
+ *
+ * Inputs:
+ * - SSL/TLS minor version
+ * - hash associated with the ciphersuite (only used by TLS 1.2)
+ *
+ * Outputs:
+ * - the tls_prf, calc_verify and calc_finished members of handshake structure
+ */
+static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
+ int minor_ver,
+ mbedtls_md_type_t hash )
+{
+
+#if defined(MBEDTLS_SHA384_C)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+ hash == MBEDTLS_MD_SHA384 )
+ {
+ handshake->tls_prf = tls_prf_sha384;
+ handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ handshake->calc_finished = ssl_calc_finished_tls_sha384;
+ }
+ else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ handshake->tls_prf = tls_prf_sha256;
+ handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ handshake->calc_finished = ssl_calc_finished_tls_sha256;
+ }
+ else
+#endif
+ {
+ (void) hash;
+ (void) minor_ver;
+ (void) handshake;
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
+{
+ if( ssl->conf->f_psk != NULL )
+ {
+ /* If we've used a callback to select the PSK,
+ * the static configuration is irrelevant. */
+ if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
+ return( 1 );
+
+ return( 0 );
+ }
+
+ if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
+ return( 1 );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+/*
+ * Compute master secret if needed
+ *
+ * Parameters:
+ * [in/out] handshake
+ * [in] resume, premaster, extended_ms, calc_verify, tls_prf
+ * (PSA-PSK) ciphersuite_info, psk_opaque
+ * [out] premaster (cleared)
+ * [out] master
+ * [in] ssl: optionally used for debugging, EMS and PSA-PSK
+ * debug: conf->f_dbg, conf->p_dbg
+ * EMS: passed to calc_verify (debug + session_negotiate)
+ * PSA-PSA: minor_ver, conf
+ */
+static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
+ unsigned char *master,
+ const mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /* cf. RFC 5246, Section 8.1:
+ * "The master secret is always exactly 48 bytes in length." */
+ size_t const master_secret_len = 48;
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ unsigned char session_hash[48];
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+ /* The label for the KDF used for key expansion.
+ * This is either "master secret" or "extended master secret"
+ * depending on whether the Extended Master Secret extension
+ * is used. */
+ char const *lbl = "master secret";
+
+ /* The salt for the KDF used for key expansion.
+ * - If the Extended Master Secret extension is not used,
+ * this is ClientHello.Random + ServerHello.Random
+ * (see Sect. 8.1 in RFC 5246).
+ * - If the Extended Master Secret extension is used,
+ * this is the transcript of the handshake so far.
+ * (see Sect. 4 in RFC 7627). */
+ unsigned char const *salt = handshake->randbytes;
+ size_t salt_len = 64;
+
+#if !defined(MBEDTLS_DEBUG_C) && \
+ !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+ !(defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+ ssl = NULL; /* make sure we don't use it except for those cases */
+ (void) ssl;
+#endif
+
+ if( handshake->resume != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
+ return( 0 );
+ }
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
+ {
+ lbl = "extended master secret";
+ salt = session_hash;
+ handshake->calc_verify( ssl, session_hash, &salt_len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret",
+ session_hash, salt_len );
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+ ssl_use_opaque_psk( ssl ) == 1 )
+ {
+ /* Perform PSK-to-MS expansion in a single step. */
+ psa_status_t status;
+ psa_algorithm_t alg;
+ mbedtls_svc_key_id_t psk;
+ psa_key_derivation_operation_t derivation =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+ mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
+
+ psk = mbedtls_ssl_get_opaque_psk( ssl );
+
+ if( hash_alg == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ else
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+
+ status = setup_psa_key_derivation( &derivation, psk, alg,
+ salt, salt_len,
+ (unsigned char const *) lbl,
+ (size_t) strlen( lbl ),
+ master_secret_len );
+ if( status != PSA_SUCCESS )
+ {
+ psa_key_derivation_abort( &derivation );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_key_derivation_output_bytes( &derivation,
+ master,
+ master_secret_len );
+ if( status != PSA_SUCCESS )
+ {
+ psa_key_derivation_abort( &derivation );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_key_derivation_abort( &derivation );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ else
+#endif
+ {
+ ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
+ lbl, salt, salt_len,
+ master,
+ master_secret_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret",
+ handshake->premaster,
+ handshake->pmslen );
+
+ mbedtls_platform_zeroize( handshake->premaster,
+ sizeof(handshake->premaster) );
+ }
+
+ return( 0 );
+}
+
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+
+ /* Set PRF, calc_verify and calc_finished function pointers */
+ ret = ssl_set_handshake_prfs( ssl->handshake,
+ ssl->minor_ver,
+ ciphersuite_info->mac );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret );
+ return( ret );
+ }
+
+ /* Compute master secret if needed */
+ ret = ssl_compute_master( ssl->handshake,
+ ssl->session_negotiate->master,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret );
+ return( ret );
+ }
+
+ /* Swap the client and server random values:
+ * - MS derivation wanted client+server (RFC 5246 8.1)
+ * - key derivation wants server+client (RFC 5246 6.3) */
+ {
+ unsigned char tmp[64];
+ memcpy( tmp, ssl->handshake->randbytes, 64 );
+ memcpy( ssl->handshake->randbytes, tmp + 32, 32 );
+ memcpy( ssl->handshake->randbytes + 32, tmp, 32 );
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ }
+
+ /* Populate transform structure */
+ ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
+ ssl->session_negotiate->ciphersuite,
+ ssl->session_negotiate->master,
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ ssl->session_negotiate->encrypt_then_mac,
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ ssl->handshake->tls_prf,
+ ssl->handshake->randbytes,
+ ssl->minor_ver,
+ ssl->conf->endpoint,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret );
+ return( ret );
+ }
+
+ /* We no longer need Server/ClientHello.random values */
+ mbedtls_platform_zeroize( ssl->handshake->randbytes,
+ sizeof( ssl->handshake->randbytes ) );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SHA256_C)
+void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_status_t status;
+ psa_hash_operation_t sha256_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+ status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+
+ *hlen = 32;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+#else
+ mbedtls_sha256_context sha256;
+
+ mbedtls_sha256_init( &sha256 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
+
+ mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+ mbedtls_sha256_finish( &sha256, hash );
+
+ *hlen = 32;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+ mbedtls_sha256_free( &sha256 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ return;
+}
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_status_t status;
+ psa_hash_operation_t sha384_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
+ status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+
+ *hlen = 48;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+#else
+ mbedtls_sha512_context sha512;
+
+ mbedtls_sha512_init( &sha512 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
+
+ mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+ mbedtls_sha512_finish( &sha512, hash );
+
+ *hlen = 48;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+ mbedtls_sha512_free( &sha512 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ return;
+}
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
+{
+ unsigned char *p = ssl->handshake->premaster;
+ unsigned char *end = p + sizeof( ssl->handshake->premaster );
+ const unsigned char *psk = NULL;
+ size_t psk_len = 0;
+
+ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
+ {
+ /*
+ * This should never happen because the existence of a PSK is always
+ * checked before calling this function
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /*
+ * PMS = struct {
+ * opaque other_secret<0..2^16-1>;
+ * opaque psk<0..2^16-1>;
+ * };
+ * with "other_secret" depending on the particular key exchange
+ */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
+ {
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
+ p += 2;
+
+ if( end < p || (size_t)( end - p ) < psk_len )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ memset( p, 0, psk_len );
+ p += psk_len;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+ {
+ /*
+ * other_secret already set by the ClientKeyExchange message,
+ * and is 48 bytes long
+ */
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ *p++ = 0;
+ *p++ = 48;
+ p += 48;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+ {
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len;
+
+ /* Write length only when we know the actual value */
+ if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
+ p + 2, end - ( p + 2 ), &len,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
+ return( ret );
+ }
+ MBEDTLS_PUT_UINT16_BE( len, p, 0 );
+ p += 2 + len;
+
+ MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t zlen;
+
+ if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
+ p + 2, end - ( p + 2 ),
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+ return( ret );
+ }
+
+ MBEDTLS_PUT_UINT16_BE( zlen, p, 0 );
+ p += 2 + zlen;
+
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z );
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* opaque psk<0..2^16-1>; */
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
+ p += 2;
+
+ if( end < p || (size_t)( end - p ) < psk_len )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ memcpy( p, psk, psk_len );
+ p += psk_len;
+
+ ssl->handshake->pmslen = p - ssl->handshake->premaster;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
+static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl )
+{
+ /* If renegotiation is not enforced, retransmit until we would reach max
+ * timeout if we were using the usual handshake doubling scheme */
+ if( ssl->conf->renego_max_records < 0 )
+ {
+ uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
+ unsigned char doublings = 1;
+
+ while( ratio != 0 )
+ {
+ ++doublings;
+ ratio >>= 1;
+ }
+
+ if( ++ssl->renego_records_seen > doublings )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
+ return( 0 );
+ }
+ }
+
+ return( ssl_write_hello_request( ssl ) );
+}
+#endif
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
+
+/*
+ * Handshake functions
+ */
+#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/* No certificate support -> dummy functions */
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+{
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+{
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+/* Some certificate support -> implement write and parse */
+
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t i, n;
+ const mbedtls_x509_crt *crt;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ if( ssl->handshake->client_auth == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+ ssl->state++;
+ return( 0 );
+ }
+ }
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ if( mbedtls_ssl_own_cert( ssl ) == NULL )
+ {
+ /* Should never happen because we shouldn't have picked the
+ * ciphersuite if we don't have a certificate. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ }
+#endif
+
+ MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
+
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 6 length of all certs
+ * 7 . 9 length of cert. 1
+ * 10 . n-1 peer certificate
+ * n . n+2 length of cert. 2
+ * n+3 . ... upper level cert, etc.
+ */
+ i = 7;
+ crt = mbedtls_ssl_own_cert( ssl );
+
+ while( crt != NULL )
+ {
+ n = crt->raw.len;
+ if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
+ i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ ssl->out_msg[i ] = MBEDTLS_BYTE_2( n );
+ ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n );
+ ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n );
+
+ i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
+ i += n; crt = crt->next;
+ }
+
+ ssl->out_msg[4] = MBEDTLS_BYTE_2( i - 7 );
+ ssl->out_msg[5] = MBEDTLS_BYTE_1( i - 7 );
+ ssl->out_msg[6] = MBEDTLS_BYTE_0( i - 7 );
+
+ ssl->out_msglen = i;
+ ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE;
+
+ ssl->state++;
+
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
+
+ return( ret );
+}
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len )
+{
+ mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
+
+ if( peer_crt == NULL )
+ return( -1 );
+
+ if( peer_crt->raw.len != crt_buf_len )
+ return( -1 );
+
+ return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) );
+}
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char const * const peer_cert_digest =
+ ssl->session->peer_cert_digest;
+ mbedtls_md_type_t const peer_cert_digest_type =
+ ssl->session->peer_cert_digest_type;
+ mbedtls_md_info_t const * const digest_info =
+ mbedtls_md_info_from_type( peer_cert_digest_type );
+ unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
+ size_t digest_len;
+
+ if( peer_cert_digest == NULL || digest_info == NULL )
+ return( -1 );
+
+ digest_len = mbedtls_md_get_size( digest_info );
+ if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
+ return( -1 );
+
+ ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
+ if( ret != 0 )
+ return( -1 );
+
+ return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+}
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+/*
+ * Once the certificate message is read, parse it into a cert chain and
+ * perform basic checks, but leave actual verification to the caller
+ */
+static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *chain )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+ int crt_cnt=0;
+#endif
+ size_t i, n;
+ uint8_t alert;
+
+ if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE )
+ {
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ }
+
+ if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ i = mbedtls_ssl_hs_hdr_len( ssl );
+
+ /*
+ * Same message structure as in mbedtls_ssl_write_certificate()
+ */
+ n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
+
+ if( ssl->in_msg[i] != 0 ||
+ ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
+ i += 3;
+
+ /* Iterate through and parse the CRTs in the provided chain. */
+ while( i < ssl->in_hslen )
+ {
+ /* Check that there's room for the next CRT's length fields. */
+ if ( i + 3 > ssl->in_hslen ) {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+ /* In theory, the CRT can be up to 2**24 Bytes, but we don't support
+ * anything beyond 2**16 ~ 64K. */
+ if( ssl->in_msg[i] != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT );
+ return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+ }
+
+ /* Read length of the next CRT in the chain. */
+ n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
+ | (unsigned int) ssl->in_msg[i + 2];
+ i += 3;
+
+ if( n < 128 || i + n > ssl->in_hslen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ /* Check if we're handling the first CRT in the chain. */
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+ if( crt_cnt++ == 0 &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ {
+ /* During client-side renegotiation, check that the server's
+ * end-CRTs hasn't changed compared to the initial handshake,
+ * mitigating the triple handshake attack. On success, reuse
+ * the original end-CRT instead of parsing it again. */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
+ if( ssl_check_peer_crt_unchanged( ssl,
+ &ssl->in_msg[i],
+ n ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
+ return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+ }
+
+ /* Now we can safely free the original chain. */
+ ssl_clear_peer_cert( ssl->session );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+ /* Parse the next certificate in the chain. */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+#else
+ /* If we don't need to store the CRT chain permanently, parse
+ * it in-place from the input buffer instead of making a copy. */
+ ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ switch( ret )
+ {
+ case 0: /*ok*/
+ case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+ /* Ignore certificate with an unknown algorithm: maybe a
+ prior certificate was already trusted. */
+ break;
+
+ case MBEDTLS_ERR_X509_ALLOC_FAILED:
+ alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
+ goto crt_parse_der_failed;
+
+ case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ goto crt_parse_der_failed;
+
+ default:
+ alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+ crt_parse_der_failed:
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
+ MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
+ return( ret );
+ }
+
+ i += n;
+ }
+
+ MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain );
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_SRV_C)
+static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
+{
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ return( -1 );
+
+ if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
+ ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
+ memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
+ return( 0 );
+ }
+ return( -1 );
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+/* Check if a certificate message is expected.
+ * Return either
+ * - SSL_CERTIFICATE_EXPECTED, or
+ * - SSL_CERTIFICATE_SKIP
+ * indicating whether a Certificate message is expected or not.
+ */
+#define SSL_CERTIFICATE_EXPECTED 0
+#define SSL_CERTIFICATE_SKIP 1
+static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
+ int authmode )
+{
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
+ return( SSL_CERTIFICATE_SKIP );
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+ return( SSL_CERTIFICATE_SKIP );
+
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ {
+ ssl->session_negotiate->verify_result =
+ MBEDTLS_X509_BADCERT_SKIP_VERIFY;
+ return( SSL_CERTIFICATE_SKIP );
+ }
+ }
+#else
+ ((void) authmode);
+#endif /* MBEDTLS_SSL_SRV_C */
+
+ return( SSL_CERTIFICATE_EXPECTED );
+}
+
+static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
+ int authmode,
+ mbedtls_x509_crt *chain,
+ void *rs_ctx )
+{
+ int ret = 0;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+ int have_ca_chain = 0;
+
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy;
+
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ return( 0 );
+
+ if( ssl->f_vrfy != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) );
+ f_vrfy = ssl->f_vrfy;
+ p_vrfy = ssl->p_vrfy;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) );
+ f_vrfy = ssl->conf->f_vrfy;
+ p_vrfy = ssl->conf->p_vrfy;
+ }
+
+ /*
+ * Main check: verify certificate
+ */
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( ssl->conf->f_ca_cb != NULL )
+ {
+ ((void) rs_ctx);
+ have_ca_chain = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) );
+ ret = mbedtls_x509_crt_verify_with_ca_cb(
+ chain,
+ ssl->conf->f_ca_cb,
+ ssl->conf->p_ca_cb,
+ ssl->conf->cert_profile,
+ ssl->hostname,
+ &ssl->session_negotiate->verify_result,
+ f_vrfy, p_vrfy );
+ }
+ else
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+ {
+ mbedtls_x509_crt *ca_chain;
+ mbedtls_x509_crl *ca_crl;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ if( ssl->handshake->sni_ca_chain != NULL )
+ {
+ ca_chain = ssl->handshake->sni_ca_chain;
+ ca_crl = ssl->handshake->sni_ca_crl;
+ }
+ else
+#endif
+ {
+ ca_chain = ssl->conf->ca_chain;
+ ca_crl = ssl->conf->ca_crl;
+ }
+
+ if( ca_chain != NULL )
+ have_ca_chain = 1;
+
+ ret = mbedtls_x509_crt_verify_restartable(
+ chain,
+ ca_chain, ca_crl,
+ ssl->conf->cert_profile,
+ ssl->hostname,
+ &ssl->session_negotiate->verify_result,
+ f_vrfy, p_vrfy, rs_ctx );
+ }
+
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+ }
+
+#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+#endif
+
+ /*
+ * Secondary checks: always done, but change 'ret' only if it was 0
+ */
+
+#if defined(MBEDTLS_ECP_C)
+ {
+ const mbedtls_pk_context *pk = &chain->pk;
+
+ /* If certificate uses an EC key, make sure the curve is OK */
+ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
+ mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
+ {
+ ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
+ if( ret == 0 )
+ ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+ }
+ }
+#endif /* MBEDTLS_ECP_C */
+
+ if( mbedtls_ssl_check_cert_usage( chain,
+ ciphersuite_info,
+ ! ssl->conf->endpoint,
+ &ssl->session_negotiate->verify_result ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
+ if( ret == 0 )
+ ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+ }
+
+ /* mbedtls_x509_crt_verify_with_profile is supposed to report a
+ * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
+ * with details encoded in the verification flags. All other kinds
+ * of error codes, including those from the user provided f_vrfy
+ * functions, are treated as fatal and lead to a failure of
+ * ssl_parse_certificate even if verification was optional. */
+ if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
+ ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+ ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) )
+ {
+ ret = 0;
+ }
+
+ if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+ ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
+ }
+
+ if( ret != 0 )
+ {
+ uint8_t alert;
+
+ /* The certificate may have been rejected for several reasons.
+ Pick one and send the corresponding alert. Which alert to send
+ may be a subject of debate in some cases. */
+ if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
+ alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
+ alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
+ alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
+ alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
+ else
+ alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ alert );
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ if( ssl->session_negotiate->verify_result != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
+ (unsigned int) ssl->session_negotiate->verify_result ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
+ }
+#endif /* MBEDTLS_DEBUG_C */
+
+ return( ret );
+}
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
+ unsigned char *start, size_t len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ /* Remember digest of the peer's end-CRT. */
+ ssl->session_negotiate->peer_cert_digest =
+ mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
+ if( ssl->session_negotiate->peer_cert_digest == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+
+ ret = mbedtls_md( mbedtls_md_info_from_type(
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
+ start, len,
+ ssl->session_negotiate->peer_cert_digest );
+
+ ssl->session_negotiate->peer_cert_digest_type =
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
+ ssl->session_negotiate->peer_cert_digest_len =
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
+
+ return( ret );
+}
+
+static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
+ unsigned char *start, size_t len )
+{
+ unsigned char *end = start + len;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /* Make a copy of the peer's raw public key. */
+ mbedtls_pk_init( &ssl->handshake->peer_pubkey );
+ ret = mbedtls_pk_parse_subpubkey( &start, end,
+ &ssl->handshake->peer_pubkey );
+ if( ret != 0 )
+ {
+ /* We should have parsed the public key before. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ return( 0 );
+}
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+ int crt_expected;
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
+ ? ssl->handshake->sni_authmode
+ : ssl->conf->authmode;
+#else
+ const int authmode = ssl->conf->authmode;
+#endif
+ void *rs_ctx = NULL;
+ mbedtls_x509_crt *chain = NULL;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+ crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
+ if( crt_expected == SSL_CERTIFICATE_SKIP )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
+ if( ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
+ {
+ chain = ssl->handshake->ecrs_peer_cert;
+ ssl->handshake->ecrs_peer_cert = NULL;
+ goto crt_verify;
+ }
+#endif
+
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
+ {
+ /* mbedtls_ssl_read_record may have sent an alert already. We
+ let it decide whether to alert. */
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 )
+ {
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
+
+ if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL )
+ ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
+
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+ /* Clear existing peer CRT structure in case we tried to
+ * reuse a session but it failed, and allocate a new one. */
+ ssl_clear_peer_cert( ssl->session_negotiate );
+
+ chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( chain == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
+ sizeof( mbedtls_x509_crt ) ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+ mbedtls_x509_crt_init( chain );
+
+ ret = ssl_parse_certificate_chain( ssl, chain );
+ if( ret != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
+ if( ssl->handshake->ecrs_enabled)
+ ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
+
+crt_verify:
+ if( ssl->handshake->ecrs_enabled)
+ rs_ctx = &ssl->handshake->ecrs_ctx;
+#endif
+
+ ret = ssl_parse_certificate_verify( ssl, authmode,
+ chain, rs_ctx );
+ if( ret != 0 )
+ goto exit;
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ {
+ unsigned char *crt_start, *pk_start;
+ size_t crt_len, pk_len;
+
+ /* We parse the CRT chain without copying, so
+ * these pointers point into the input buffer,
+ * and are hence still valid after freeing the
+ * CRT chain. */
+
+ crt_start = chain->raw.p;
+ crt_len = chain->raw.len;
+
+ pk_start = chain->pk_raw.p;
+ pk_len = chain->pk_raw.len;
+
+ /* Free the CRT structures before computing
+ * digest and copying the peer's public key. */
+ mbedtls_x509_crt_free( chain );
+ mbedtls_free( chain );
+ chain = NULL;
+
+ ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len );
+ if( ret != 0 )
+ goto exit;
+
+ ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len );
+ if( ret != 0 )
+ goto exit;
+ }
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ /* Pass ownership to session structure. */
+ ssl->session_negotiate->peer_cert = chain;
+ chain = NULL;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+
+exit:
+
+ if( ret == 0 )
+ ssl->state++;
+
+#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ {
+ ssl->handshake->ecrs_peer_cert = chain;
+ chain = NULL;
+ }
+#endif
+
+ if( chain != NULL )
+ {
+ mbedtls_x509_crt_free( chain );
+ mbedtls_free( chain );
+ }
+
+ return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SHA256_C)
+static void ssl_calc_finished_tls_sha256(
+ mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+{
+ int len = 12;
+ const char *sender;
+ unsigned char padbuf[32];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
+ psa_status_t status;
+#else
+ mbedtls_sha256_context sha256;
+#endif
+
+ mbedtls_ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
+ sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ sha256_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
+
+ status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
+#else
+
+ mbedtls_sha256_init( &sha256 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
+
+ mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+
+ /*
+ * TLSv1.2:
+ * hash = PRF( master, finished_label,
+ * Hash( handshake ) )[0.11]
+ */
+
+#if !defined(MBEDTLS_SHA256_ALT)
+ MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
+ sha256.state, sizeof( sha256.state ) );
+#endif
+
+ mbedtls_sha256_finish( &sha256, padbuf );
+ mbedtls_sha256_free( &sha256 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 32, buf, len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+ mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+}
+#endif /* MBEDTLS_SHA256_C */
+
+
+#if defined(MBEDTLS_SHA384_C)
+
+static void ssl_calc_finished_tls_sha384(
+ mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+{
+ int len = 12;
+ const char *sender;
+ unsigned char padbuf[48];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
+ psa_status_t status;
+#else
+ mbedtls_sha512_context sha512;
+#endif
+
+ mbedtls_ssl_session *session = ssl->session_negotiate;
+ if( !session )
+ session = ssl->session;
+
+ sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ sha384_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
+
+ status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
+#else
+ mbedtls_sha512_init( &sha512 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
+
+ mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+
+ /*
+ * TLSv1.2:
+ * hash = PRF( master, finished_label,
+ * Hash( handshake ) )[0.11]
+ */
+
+#if !defined(MBEDTLS_SHA512_ALT)
+ MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
+ sha512.state, sizeof( sha512.state ) );
+#endif
+ mbedtls_sha512_finish( &sha512, padbuf );
+
+ mbedtls_sha512_free( &sha512 );
+#endif
+
+ ssl->handshake->tls_prf( session->master, 48, sender,
+ padbuf, 48, buf, len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+ mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
+}
+#endif /* MBEDTLS_SHA384_C */
+
+void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
+{
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
+
+ /*
+ * Free our handshake params
+ */
+ mbedtls_ssl_handshake_free( ssl );
+ mbedtls_free( ssl->handshake );
+ ssl->handshake = NULL;
+
+ /*
+ * Free the previous transform and swith in the current one
+ */
+ if( ssl->transform )
+ {
+ mbedtls_ssl_transform_free( ssl->transform );
+ mbedtls_free( ssl->transform );
+ }
+ ssl->transform = ssl->transform_negotiate;
+ ssl->transform_negotiate = NULL;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
+}
+
+void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
+{
+ int resume = ssl->handshake->resume;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ {
+ ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
+ ssl->renego_records_seen = 0;
+ }
+#endif
+
+ /*
+ * Free the previous session and switch in the current one
+ */
+ if( ssl->session )
+ {
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ /* RFC 7366 3.1: keep the EtM state */
+ ssl->session_negotiate->encrypt_then_mac =
+ ssl->session->encrypt_then_mac;
+#endif
+
+ mbedtls_ssl_session_free( ssl->session );
+ mbedtls_free( ssl->session );
+ }
+ ssl->session = ssl->session_negotiate;
+ ssl->session_negotiate = NULL;
+
+ /*
+ * Add cache entry
+ */
+ if( ssl->conf->f_set_cache != NULL &&
+ ssl->session->id_len != 0 &&
+ resume == 0 )
+ {
+ if( ssl->conf->f_set_cache( ssl->conf->p_cache,
+ ssl->session->id,
+ ssl->session->id_len,
+ ssl->session ) != 0 )
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->handshake->flight != NULL )
+ {
+ /* Cancel handshake timer */
+ mbedtls_ssl_set_timer( ssl, 0 );
+
+ /* Keep last flight around in case we need to resend it:
+ * we need the handshake and transform structures for that */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
+ }
+ else
+#endif
+ mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
+
+ ssl->state++;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+}
+
+int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
+{
+ int ret, hash_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
+
+ mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate );
+
+ ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
+
+ /*
+ * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
+ * may define some other value. Currently (early 2016), no defined
+ * ciphersuite does this (and this is unlikely to change as activity has
+ * moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
+ */
+ hash_len = 12;
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ ssl->verify_data_len = hash_len;
+ memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+#endif
+
+ ssl->out_msglen = 4 + hash_len;
+ ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
+
+ /*
+ * In case of session resuming, invert the client and server
+ * ChangeCipherSpec messages order.
+ */
+ if( ssl->handshake->resume != 0 )
+ {
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+#endif
+ }
+ else
+ ssl->state++;
+
+ /*
+ * Switch to our negotiated transform and session parameters for outbound
+ * data.
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ unsigned char i;
+
+ /* Remember current epoch settings for resending */
+ ssl->handshake->alt_transform_out = ssl->transform_out;
+ memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
+ sizeof( ssl->handshake->alt_out_ctr ) );
+
+ /* Set sequence_number to zero */
+ memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 );
+
+
+ /* Increment epoch */
+ for( i = 2; i > 0; i-- )
+ if( ++ssl->cur_out_ctr[i - 1] != 0 )
+ break;
+
+ /* The loop goes to its end iff the counter is wrapping */
+ if( i == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
+ return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ }
+ }
+ else
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+
+ ssl->transform_out = ssl->transform_negotiate;
+ ssl->session_out = ssl->session_negotiate;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ mbedtls_ssl_send_flight_completed( ssl );
+#endif
+
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
+ return( ret );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
+ return( ret );
+ }
+#endif
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
+
+ return( 0 );
+}
+
+#define SSL_MAX_HASH_LEN 12
+
+int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned int hash_len = 12;
+ unsigned char buf[SSL_MAX_HASH_LEN];
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
+
+ ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
+
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+ goto exit;
+ }
+
+ if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ goto exit;
+ }
+
+ if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED )
+ {
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ goto exit;
+ }
+
+ if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ ret = MBEDTLS_ERR_SSL_DECODE_ERROR;
+ goto exit;
+ }
+
+ if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
+ buf, hash_len ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+ ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ ssl->verify_data_len = hash_len;
+ memcpy( ssl->peer_verify_data, buf, hash_len );
+#endif
+
+ if( ssl->handshake->resume != 0 )
+ {
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+#endif
+ }
+ else
+ ssl->state++;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ mbedtls_ssl_recv_flight_completed( ssl );
+#endif
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
+
+exit:
+ mbedtls_platform_zeroize( buf, hash_len );
+ return( ret );
+}
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+/*
+ * Helper to get TLS 1.2 PRF from ciphersuite
+ * (Duplicates bits of logic from ssl_set_handshake_prfs().)
+ */
+static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
+{
+#if defined(MBEDTLS_SHA384_C)
+ const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
+ mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ return( tls_prf_sha384 );
+#else
+ (void) ciphersuite_id;
+#endif
+ return( tls_prf_sha256 );
+}
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
+{
+ ((void) tls_prf);
+#if defined(MBEDTLS_SHA384_C)
+ if( tls_prf == tls_prf_sha384 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA384 );
+ }
+ else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ if( tls_prf == tls_prf_sha256 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA256 );
+ }
+ else
+#endif
+ return( MBEDTLS_SSL_TLS_PRF_NONE );
+}
+
+/*
+ * Populate a transform structure with session keys and all the other
+ * necessary information.
+ *
+ * Parameters:
+ * - [in/out]: transform: structure to populate
+ * [in] must be just initialised with mbedtls_ssl_transform_init()
+ * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf()
+ * - [in] ciphersuite
+ * - [in] master
+ * - [in] encrypt_then_mac
+ * - [in] compression
+ * - [in] tls_prf: pointer to PRF to use for key derivation
+ * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
+ * - [in] minor_ver: SSL/TLS minor version
+ * - [in] endpoint: client or server
+ * - [in] ssl: used for:
+ * - ssl->conf->{f,p}_export_keys
+ * [in] optionally used for:
+ * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
+ */
+static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
+ int ciphersuite,
+ const unsigned char master[48],
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac,
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ ssl_tls_prf_t tls_prf,
+ const unsigned char randbytes[64],
+ int minor_ver,
+ unsigned endpoint,
+ const mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+ unsigned char keyblk[256];
+ unsigned char *key1;
+ unsigned char *key2;
+ unsigned char *mac_enc;
+ unsigned char *mac_dec;
+ size_t mac_key_len = 0;
+ size_t iv_copy_len;
+ size_t keylen;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_md_info_t *md_info;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_type_t key_type;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ size_t key_bits;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#endif
+
+#if !defined(MBEDTLS_DEBUG_C) && \
+ !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( ssl->f_export_keys == NULL )
+ {
+ ssl = NULL; /* make sure we don't use it except for these cases */
+ (void) ssl;
+ }
+#endif
+
+ /*
+ * Some data just needs copying into the structure
+ */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ transform->encrypt_then_mac = encrypt_then_mac;
+#endif
+ transform->minor_ver = minor_ver;
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ {
+ /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
+ * generation separate. This should never happen. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ /*
+ * Get various info structures
+ */
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
+ if( ciphersuite_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
+ ciphersuite ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
+ if( cipher_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
+ ciphersuite_info->cipher ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
+ if( md_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
+ (unsigned) ciphersuite_info->mac ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Copy own and peer's CID if the use of the CID
+ * extension has been negotiated. */
+ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+
+ transform->in_cid_len = ssl->own_cid_len;
+ memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
+ transform->in_cid_len );
+
+ transform->out_cid_len = ssl->handshake->peer_cid_len;
+ memcpy( transform->out_cid, ssl->handshake->peer_cid,
+ ssl->handshake->peer_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
+ transform->out_cid_len );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /*
+ * Compute key block using the PRF
+ */
+ ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
+ mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
+
+ /*
+ * Determine the appropriate key, IV and MAC length.
+ */
+
+ keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
+
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
+ mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
+ mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+ {
+ size_t explicit_ivlen;
+
+ transform->maclen = 0;
+ mac_key_len = 0;
+ transform->taglen =
+ ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+
+ /* All modes haves 96-bit IVs, but the length of the static parts vary
+ * with mode and version:
+ * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes
+ * (to be concatenated with a dynamically chosen IV of 8 Bytes)
+ * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's
+ * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record
+ * sequence number).
+ */
+ transform->ivlen = 12;
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+ transform->fixed_ivlen = 12;
+ else
+ transform->fixed_ivlen = 4;
+
+ /* Minimum length of encrypted record */
+ explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
+ transform->minlen = explicit_ivlen + transform->taglen;
+ }
+ else
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
+ mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
+ {
+ /* Initialize HMAC contexts */
+ if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
+ ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ goto end;
+ }
+
+ /* Get MAC length */
+ mac_key_len = mbedtls_md_get_size( md_info );
+ transform->maclen = mac_key_len;
+
+ /* IV length */
+ transform->ivlen = cipher_info->iv_size;
+
+ /* Minimum length */
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
+ transform->minlen = transform->maclen;
+ else
+ {
+ /*
+ * GenericBlockCipher:
+ * 1. if EtM is in use: one block plus MAC
+ * otherwise: * first multiple of blocklen greater than maclen
+ * 2. IV
+ */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ {
+ transform->minlen = transform->maclen
+ + cipher_info->block_size;
+ }
+ else
+#endif
+ {
+ transform->minlen = transform->maclen
+ + cipher_info->block_size
+ - transform->maclen % cipher_info->block_size;
+ }
+
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ transform->minlen += transform->ivlen;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
+ }
+ }
+ }
+ else
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+ (unsigned) keylen,
+ (unsigned) transform->minlen,
+ (unsigned) transform->ivlen,
+ (unsigned) transform->maclen ) );
+
+ /*
+ * Finally setup the cipher contexts, IVs and MAC secrets.
+ */
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ key1 = keyblk + mac_key_len * 2;
+ key2 = keyblk + mac_key_len * 2 + keylen;
+
+ mac_enc = keyblk;
+ mac_dec = keyblk + mac_key_len;
+
+ /*
+ * This is not used in TLS v1.1.
+ */
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
+ memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
+ iv_copy_len );
+ }
+ else
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ key1 = keyblk + mac_key_len * 2 + keylen;
+ key2 = keyblk + mac_key_len * 2;
+
+ mac_enc = keyblk + mac_key_len;
+ mac_dec = keyblk;
+
+ /*
+ * This is not used in TLS v1.1.
+ */
+ iv_copy_len = ( transform->fixed_ivlen ) ?
+ transform->fixed_ivlen : transform->ivlen;
+ memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
+ memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
+ iv_copy_len );
+ }
+ else
+#endif /* MBEDTLS_SSL_SRV_C */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
+ }
+
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+ For AEAD-based ciphersuites, there is nothing to do here. */
+ if( mac_key_len != 0 )
+ {
+ ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+ if( ret != 0 )
+ goto end;
+ ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ if( ret != 0 )
+ goto end;
+ }
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+ ((void) mac_dec);
+ ((void) mac_enc);
+
+ if( ssl != NULL && ssl->f_export_keys != NULL )
+ {
+ ssl->f_export_keys( ssl->p_export_keys,
+ MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
+ master, 48,
+ randbytes + 32,
+ randbytes,
+ tls_prf_get_type( tls_prf ) );
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
+ transform->taglen,
+ &alg,
+ &key_type,
+ &key_bits ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+ goto end;
+ }
+
+ transform->psa_alg = alg;
+
+ if ( alg != MBEDTLS_SSL_NULL_CIPHER )
+ {
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ if( ( status = psa_import_key( &attributes,
+ key1,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &transform->psa_key_enc ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status );
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
+ goto end;
+ }
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+
+ if( ( status = psa_import_key( &attributes,
+ key2,
+ PSA_BITS_TO_BYTES( key_bits ),
+ &transform->psa_key_dec ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
+ goto end;
+ }
+ }
+#else
+ if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
+ cipher_info ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
+ cipher_info ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
+ (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
+ MBEDTLS_ENCRYPT ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
+ (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
+ MBEDTLS_DECRYPT ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+ goto end;
+ }
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
+ {
+ if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+ goto end;
+ }
+
+ if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+ goto end;
+ }
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+end:
+ mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
+ return( ret );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg )
+{
+ psa_status_t status;
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
+
+ if( ( status = psa_hash_setup( &hash_operation,
+ hash_alg ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
+ 64 ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_update( &hash_operation,
+ data, data_len ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
+ hashlen ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
+ goto exit;
+ }
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ switch( status )
+ {
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+ default:
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ }
+ }
+ return( 0 );
+}
+
+#else
+
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg )
+{
+ int ret = 0;
+ mbedtls_md_context_t ctx;
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ *hashlen = mbedtls_md_get_size( md_info );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
+
+ mbedtls_md_init( &ctx );
+
+ /*
+ * digitally-signed struct {
+ * opaque client_random[32];
+ * opaque server_random[32];
+ * ServerDHParams params;
+ * };
+ */
+ if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
+ goto exit;
+ }
+
+exit:
+ mbedtls_md_free( &ctx );
+
+ if( ret != 0 )
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ return( ret );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
+/* Find an entry in a signature-hash set matching a given hash algorithm. */
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg )
+{
+ switch( sig_alg )
+ {
+ case MBEDTLS_PK_RSA:
+ return( set->rsa );
+ case MBEDTLS_PK_ECDSA:
+ return( set->ecdsa );
+ default:
+ return( MBEDTLS_MD_NONE );
+ }
+}
+
+/* Add a signature-hash-pair to a signature-hash set */
+void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg )
+{
+ switch( sig_alg )
+ {
+ case MBEDTLS_PK_RSA:
+ if( set->rsa == MBEDTLS_MD_NONE )
+ set->rsa = md_alg;
+ break;
+
+ case MBEDTLS_PK_ECDSA:
+ if( set->ecdsa == MBEDTLS_MD_NONE )
+ set->ecdsa = md_alg;
+ break;
+
+ default:
+ break;
+ }
+}
+
+/* Allow exactly one hash algorithm for each signature. */
+void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg )
+{
+ set->rsa = md_alg;
+ set->ecdsa = md_alg;
+}
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+/* Serialization of TLS 1.2 sessions:
+ *
+ * struct {
+ * uint64 start_time;
+ * uint8 ciphersuite[2]; // defined by the standard
+ * uint8 compression; // 0 or 1
+ * uint8 session_id_len; // at most 32
+ * opaque session_id[32];
+ * opaque master[48]; // fixed length in the standard
+ * uint32 verify_result;
+ * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
+ * opaque ticket<0..2^24-1>; // length 0 means no ticket
+ * uint32 ticket_lifetime;
+ * uint8 mfl_code; // up to 255 according to standard
+ * uint8 encrypt_then_mac; // 0 or 1
+ * } serialized_session_tls12;
+ *
+ */
+static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len )
+{
+ unsigned char *p = buf;
+ size_t used = 0;
+
+#if defined(MBEDTLS_HAVE_TIME)
+ uint64_t start;
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ size_t cert_len;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * Time
+ */
+#if defined(MBEDTLS_HAVE_TIME)
+ used += 8;
+
+ if( used <= buf_len )
+ {
+ start = (uint64_t) session->start;
+
+ MBEDTLS_PUT_UINT64_BE( start, p, 0 );
+ p += 8;
+ }
+#endif /* MBEDTLS_HAVE_TIME */
+
+ /*
+ * Basic mandatory fields
+ */
+ used += 2 /* ciphersuite */
+ + 1 /* compression */
+ + 1 /* id_len */
+ + sizeof( session->id )
+ + sizeof( session->master )
+ + 4; /* verify_result */
+
+ if( used <= buf_len )
+ {
+ MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
+ p += 2;
+
+ *p++ = MBEDTLS_BYTE_0( session->compression );
+
+ *p++ = MBEDTLS_BYTE_0( session->id_len );
+ memcpy( p, session->id, 32 );
+ p += 32;
+
+ memcpy( p, session->master, 48 );
+ p += 48;
+
+ MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 );
+ p += 4;
+ }
+
+ /*
+ * Peer's end-entity certificate
+ */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ if( session->peer_cert == NULL )
+ cert_len = 0;
+ else
+ cert_len = session->peer_cert->raw.len;
+
+ used += 3 + cert_len;
+
+ if( used <= buf_len )
+ {
+ *p++ = MBEDTLS_BYTE_2( cert_len );
+ *p++ = MBEDTLS_BYTE_1( cert_len );
+ *p++ = MBEDTLS_BYTE_0( cert_len );
+
+ if( session->peer_cert != NULL )
+ {
+ memcpy( p, session->peer_cert->raw.p, cert_len );
+ p += cert_len;
+ }
+ }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( session->peer_cert_digest != NULL )
+ {
+ used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len;
+ if( used <= buf_len )
+ {
+ *p++ = (unsigned char) session->peer_cert_digest_type;
+ *p++ = (unsigned char) session->peer_cert_digest_len;
+ memcpy( p, session->peer_cert_digest,
+ session->peer_cert_digest_len );
+ p += session->peer_cert_digest_len;
+ }
+ }
+ else
+ {
+ used += 2;
+ if( used <= buf_len )
+ {
+ *p++ = (unsigned char) MBEDTLS_MD_NONE;
+ *p++ = 0;
+ }
+ }
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * Session ticket if any, plus associated data
+ */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
+
+ if( used <= buf_len )
+ {
+ *p++ = MBEDTLS_BYTE_2( session->ticket_len );
+ *p++ = MBEDTLS_BYTE_1( session->ticket_len );
+ *p++ = MBEDTLS_BYTE_0( session->ticket_len );
+
+ if( session->ticket != NULL )
+ {
+ memcpy( p, session->ticket, session->ticket_len );
+ p += session->ticket_len;
+ }
+
+ MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
+ p += 4;
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /*
+ * Misc extension-related info
+ */
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ used += 1;
+
+ if( used <= buf_len )
+ *p++ = session->mfl_code;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ used += 1;
+
+ if( used <= buf_len )
+ *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac );
+#endif
+
+ return( used );
+}
+
+static int ssl_session_load_tls12( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len )
+{
+#if defined(MBEDTLS_HAVE_TIME)
+ uint64_t start;
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ size_t cert_len;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ const unsigned char *p = buf;
+ const unsigned char * const end = buf + len;
+
+ /*
+ * Time
+ */
+#if defined(MBEDTLS_HAVE_TIME)
+ if( 8 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ start = ( (uint64_t) p[0] << 56 ) |
+ ( (uint64_t) p[1] << 48 ) |
+ ( (uint64_t) p[2] << 40 ) |
+ ( (uint64_t) p[3] << 32 ) |
+ ( (uint64_t) p[4] << 24 ) |
+ ( (uint64_t) p[5] << 16 ) |
+ ( (uint64_t) p[6] << 8 ) |
+ ( (uint64_t) p[7] );
+ p += 8;
+
+ session->start = (time_t) start;
+#endif /* MBEDTLS_HAVE_TIME */
+
+ /*
+ * Basic mandatory fields
+ */
+ if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ciphersuite = ( p[0] << 8 ) | p[1];
+ p += 2;
+
+ session->compression = *p++;
+
+ session->id_len = *p++;
+ memcpy( session->id, p, 32 );
+ p += 32;
+
+ memcpy( session->master, p, 48 );
+ p += 48;
+
+ session->verify_result = ( (uint32_t) p[0] << 24 ) |
+ ( (uint32_t) p[1] << 16 ) |
+ ( (uint32_t) p[2] << 8 ) |
+ ( (uint32_t) p[3] );
+ p += 4;
+
+ /* Immediately clear invalid pointer values that have been read, in case
+ * we exit early before we replaced them with valid ones. */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ session->peer_cert = NULL;
+#else
+ session->peer_cert_digest = NULL;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ session->ticket = NULL;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /*
+ * Peer certificate
+ */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ /* Deserialize CRT from the end of the ticket. */
+ if( 3 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ p += 3;
+
+ if( cert_len != 0 )
+ {
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( cert_len > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+
+ if( session->peer_cert == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ mbedtls_x509_crt_init( session->peer_cert );
+
+ if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
+ p, cert_len ) ) != 0 )
+ {
+ mbedtls_x509_crt_free( session->peer_cert );
+ mbedtls_free( session->peer_cert );
+ session->peer_cert = NULL;
+ return( ret );
+ }
+
+ p += cert_len;
+ }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ /* Deserialize CRT digest from the end of the ticket. */
+ if( 2 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->peer_cert_digest_type = (mbedtls_md_type_t) *p++;
+ session->peer_cert_digest_len = (size_t) *p++;
+
+ if( session->peer_cert_digest_len != 0 )
+ {
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_type( session->peer_cert_digest_type );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( session->peer_cert_digest_len > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->peer_cert_digest =
+ mbedtls_calloc( 1, session->peer_cert_digest_len );
+ if( session->peer_cert_digest == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ memcpy( session->peer_cert_digest, p,
+ session->peer_cert_digest_len );
+ p += session->peer_cert_digest_len;
+ }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * Session ticket and associated data
+ */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ if( 3 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ p += 3;
+
+ if( session->ticket_len != 0 )
+ {
+ if( session->ticket_len > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ticket = mbedtls_calloc( 1, session->ticket_len );
+ if( session->ticket == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ memcpy( session->ticket, p, session->ticket_len );
+ p += session->ticket_len;
+ }
+
+ if( 4 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) |
+ ( (uint32_t) p[1] << 16 ) |
+ ( (uint32_t) p[2] << 8 ) |
+ ( (uint32_t) p[3] );
+ p += 4;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /*
+ * Misc extension-related info
+ */
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->mfl_code = *p++;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->encrypt_then_mac = *p++;
+#endif
+
+ /* Done, should have consumed entire buffer */
+ if( p != end )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index f556c0f..7f120a2 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -21,9 +21,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-#if defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h>
@@ -2059,6 +2057,6 @@
return( ret );
}
-#endif /* MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1ad03a9..d1646eb 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -19,9 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include <string.h>
@@ -1276,6 +1274,4 @@
return( ret );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#endif /* MBEDTLS_SSL_TLS_C */
+#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5e74083..b5f3ad7 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -19,9 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "mbedtls/debug.h"
@@ -38,6 +36,4 @@
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
new file mode 100644
index 0000000..0a22c54
--- /dev/null
+++ b/tests/configs/tls13-only.h
@@ -0,0 +1,34 @@
+/* MBEDTLS_USER_CONFIG_FILE for testing.
+ * Only used for a few test configurations.
+ *
+ * Typical usage (note multiple levels of quoting):
+ * make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#undef MBEDTLS_SSL_PROTO_TLS1_2
+#undef MBEDTLS_SSL_PROTO_DTLS
+#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index bd38cdb..0c2d9dd 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2705,6 +2705,17 @@
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
+component_test_tls13_only () {
+ msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
+ make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+
+ msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
+ if_build_succeeded make test
+
+ msg "ssl-opt.sh (TLS 1.3)"
+ if_build_succeeded tests/ssl-opt.sh
+}
+
component_test_tls13 () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ddf831f..dd05716 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1192,6 +1192,7 @@
}
run_test_psa() {
+ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA-supported ciphersuite: $1" \
"$P_SRV debug_level=3 force_version=tls12" \
@@ -1211,6 +1212,7 @@
}
run_test_psa_force_curve() {
+ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls12 curves=$1" \
@@ -1445,6 +1447,7 @@
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected parameters are selected
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Default" \
"$P_SRV debug_level=3" \
"$P_CLI" \
@@ -1456,6 +1459,7 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Default, DTLS" \
"$P_SRV dtls=1" \
"$P_CLI dtls=1" \
@@ -1463,12 +1467,14 @@
-s "Protocol is DTLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "TLS client auth: required" \
"$P_SRV auth_mode=required" \
"$P_CLI" \
0 \
-s "Verifying peer X.509 certificate... ok"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
@@ -1476,6 +1482,7 @@
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
-c "Key size is 256"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1483,6 +1490,7 @@
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
-c "Key size is 128"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
@@ -1491,6 +1499,7 @@
"$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
@@ -1499,6 +1508,7 @@
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
@@ -1510,6 +1520,7 @@
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \
"$P_SRV debug_level=3" \
@@ -1519,6 +1530,7 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
@@ -1534,6 +1546,7 @@
-C "error"
# Test using an opaque private key for client authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
@@ -1552,6 +1565,7 @@
-C "error"
# Test using an opaque private key for server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
@@ -1570,6 +1584,7 @@
-C "error"
# Test using an opaque private key for client/server authentication
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
@@ -1630,6 +1645,7 @@
run_test_psa_force_curve "secp192k1"
# Test current time in ServerHello
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_HAVE_TIME
run_test "ServerHello contains gmt_unix_time" \
"$P_SRV debug_level=3" \
@@ -1639,6 +1655,7 @@
-F "check_server_hello_time"
# Test for uniqueness of IVs in AEAD ciphersuites
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Unique IV in GCM" \
"$P_SRV exchanges=20 debug_level=4" \
"$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
@@ -1647,6 +1664,7 @@
-U "IV used"
# Tests for certificate verification callback
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Configuration-specific CRT verification callback" \
"$P_SRV debug_level=3" \
"$P_CLI context_crt_cb=0 debug_level=3" \
@@ -1657,6 +1675,7 @@
-C "Use context-specific verification callback" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Context-specific CRT verification callback" \
"$P_SRV debug_level=3" \
"$P_CLI context_crt_cb=1 debug_level=3" \
@@ -1668,33 +1687,39 @@
-C "error"
# Tests for SHA-1 support
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 allow_sha1=0" \
1 \
-c "The certificate is signed with an unacceptable hash"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 explicitly allowed in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI allow_sha1=1" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-256 allowed by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
"$P_CLI allow_sha1=0" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1 \
-s "The certificate is signed with an unacceptable hash"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV auth_mode=required allow_sha1=1" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
@@ -1703,31 +1728,37 @@
# Dummy TLS 1.3 test
# Currently only checking that passing TLS 1.3 key exchange modes to
# ssl_client2/ssl_server2 example programs works.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: PSK only" \
- "$P_SRV tls13_kex_modes=psk" \
- "$P_CLI tls13_kex_modes=psk" \
+ "$P_SRV tls13_kex_modes=psk debug_level=4" \
+ "$P_CLI tls13_kex_modes=psk debug_level=4" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \
"$P_SRV tls13_kex_modes=psk_ephemeral" \
"$P_CLI tls13_kex_modes=psk_ephemeral" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \
"$P_SRV tls13_kex_modes=ephemeral" \
"$P_CLI tls13_kex_modes=ephemeral" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All ephemeral" \
"$P_SRV tls13_kex_modes=ephemeral_all" \
"$P_CLI tls13_kex_modes=ephemeral_all" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All PSK" \
"$P_SRV tls13_kex_modes=psk_all" \
"$P_CLI tls13_kex_modes=psk_all" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3, key exchange mode parameter passing: All" \
"$P_SRV tls13_kex_modes=all" \
@@ -1735,6 +1766,7 @@
0
# Tests for datagram packing
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client and server" \
"$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
@@ -1742,6 +1774,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client only" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
@@ -1749,6 +1782,7 @@
-s "next record in same datagram" \
-C "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, server only" \
"$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
@@ -1756,6 +1790,7 @@
-S "next record in same datagram" \
-c "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, neither client nor server" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
"$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
@@ -1765,6 +1800,7 @@
# Tests for Context serialization
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, client serializes, CCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1773,6 +1809,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, client serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1781,6 +1818,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, client serializes, GCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1789,6 +1827,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, client serializes, with CID" \
@@ -1798,6 +1837,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, server serializes, CCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1806,6 +1846,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, server serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1814,6 +1855,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, server serializes, GCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1822,6 +1864,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, server serializes, with CID" \
@@ -1831,6 +1874,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, both serialize, CCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1839,6 +1883,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, both serialize, ChaChaPoly" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1847,6 +1892,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, both serialize, GCM" \
"$P_SRV dtls=1 serialize=1 exchanges=2" \
@@ -1855,6 +1901,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, both serialize, with CID" \
@@ -1864,6 +1911,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, client serializes, CCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1872,6 +1920,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, client serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1880,6 +1929,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, client serializes, GCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
@@ -1888,6 +1938,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, re-init, client serializes, with CID" \
@@ -1897,6 +1948,7 @@
-c "Deserializing connection..." \
-S "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, server serializes, CCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1905,6 +1957,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, server serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1913,6 +1966,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, server serializes, GCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1921,6 +1975,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, re-init, server serializes, with CID" \
@@ -1930,6 +1985,7 @@
-C "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, both serialize, CCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1938,6 +1994,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, both serialize, ChaChaPoly" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1946,6 +2003,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Context serialization, re-init, both serialize, GCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
@@ -1954,6 +2012,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Context serialization, re-init, both serialize, with CID" \
@@ -1963,6 +2022,7 @@
-c "Deserializing connection..." \
-s "Deserializing connection..."
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Saving the serialized context to a file" \
"$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
@@ -1979,6 +2039,7 @@
# grep for output witnessing its use. This needs to be
# changed once the CID extension is implemented.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli enabled, Srv disabled" \
"$P_SRV debug_level=3 dtls=1 cid=0" \
@@ -1995,6 +2056,7 @@
-C "Copy CIDs into SSL transform" \
-c "Use of Connection ID was rejected by the server"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli disabled, Srv enabled" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2010,6 +2072,7 @@
-C "Copy CIDs into SSL transform" \
-s "Use of Connection ID was not offered by client"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
@@ -2030,6 +2093,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
-p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
@@ -2053,6 +2117,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
-p "$P_PXY mtu=800" \
@@ -2074,6 +2139,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
-p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
@@ -2097,6 +2163,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2117,6 +2184,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2137,6 +2205,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2155,6 +2224,7 @@
-S "Use of Connection ID has been negotiated" \
-C "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
@@ -2175,6 +2245,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2195,6 +2266,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2215,6 +2287,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2233,6 +2306,7 @@
-S "Use of Connection ID has been negotiated" \
-C "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
@@ -2253,6 +2327,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -2273,6 +2348,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2293,6 +2369,7 @@
-s "Use of Connection ID has been negotiated" \
-c "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
"$P_SRV debug_level=3 dtls=1 cid=1" \
@@ -2311,6 +2388,7 @@
-S "Use of Connection ID has been negotiated" \
-C "Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
@@ -2326,6 +2404,7 @@
-s "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
@@ -2341,6 +2420,7 @@
-s "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
@@ -2356,6 +2436,7 @@
-s "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
@@ -2374,6 +2455,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
@@ -2389,6 +2471,7 @@
-C "(after renegotiation) Use of Connection ID has been negotiated" \
-S "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
@@ -2404,6 +2487,7 @@
-C "(after renegotiation) Use of Connection ID has been negotiated" \
-S "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
@@ -2422,6 +2506,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
@@ -2435,6 +2520,7 @@
-c "(after renegotiation) Use of Connection ID has been negotiated" \
-s "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
@@ -2448,6 +2534,7 @@
-c "(after renegotiation) Use of Connection ID has been negotiated" \
-s "(after renegotiation) Use of Connection ID has been negotiated"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
@@ -2464,6 +2551,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
@@ -2480,6 +2568,7 @@
-S "(after renegotiation) Use of Connection ID has been negotiated" \
-s "(after renegotiation) Use of Connection ID was not offered by client"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
@@ -2499,6 +2588,7 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
@@ -2515,6 +2605,7 @@
-S "(after renegotiation) Use of Connection ID has been negotiated" \
-c "(after renegotiation) Use of Connection ID was rejected by the server"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
@@ -2537,6 +2628,7 @@
# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
# tests check that the buffer contents are reallocated when the message is
# larger than the buffer.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 513
@@ -2551,6 +2643,7 @@
-s "Reallocating in_buf" \
-s "Reallocating out_buf"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 1025
@@ -2567,6 +2660,7 @@
# Tests for Encrypt-then-MAC extension
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: default" \
"$P_SRV debug_level=3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -2579,6 +2673,7 @@
-c "using encrypt then mac" \
-s "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: client enabled, server disabled" \
"$P_SRV debug_level=3 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -2591,6 +2686,7 @@
-C "using encrypt then mac" \
-S "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: client enabled, aead cipher" \
"$P_SRV debug_level=3 etm=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
@@ -2603,6 +2699,7 @@
-C "using encrypt then mac" \
-S "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: client disabled, server enabled" \
"$P_SRV debug_level=3 etm=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -2617,6 +2714,7 @@
# Tests for Extended Master Secret extension
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Extended Master Secret: default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -2628,6 +2726,7 @@
-c "session hash for extended master secret" \
-s "session hash for extended master secret"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Extended Master Secret: client enabled, server disabled" \
"$P_SRV debug_level=3 extended_ms=0" \
"$P_CLI debug_level=3 extended_ms=1" \
@@ -2639,6 +2738,7 @@
-C "session hash for extended master secret" \
-S "session hash for extended master secret"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Extended Master Secret: client disabled, server enabled" \
"$P_SRV debug_level=3 extended_ms=1" \
"$P_CLI debug_level=3 extended_ms=0" \
@@ -2652,6 +2752,7 @@
# Test sending and receiving empty application data records
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=1" \
"$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
@@ -2660,6 +2761,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC: disabled, empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=0" \
"$P_CLI auth_mode=none etm=0 request_size=0" \
@@ -2667,6 +2769,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC, DTLS: empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
"$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
@@ -2675,6 +2778,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
"$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
@@ -2684,6 +2788,7 @@
# Tests for CBC 1/n-1 record splitting
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "CBC Record splitting: TLS 1.2, no splitting" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
@@ -2695,6 +2800,7 @@
# Tests for Session Tickets
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: basic" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2709,6 +2815,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "Session resume using tickets: manual rotation" \
"$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \
@@ -2724,6 +2831,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: cache disabled" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2738,6 +2846,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
@@ -2752,6 +2861,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: session copy" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
@@ -2766,6 +2876,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2775,6 +2886,7 @@
-c "parse new session ticket" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: openssl client" \
"$P_SRV debug_level=3 tickets=1" \
"( $O_CLI -sess_out $SESSION; \
@@ -2787,6 +2899,7 @@
-s "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: AES-128-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2801,6 +2914,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: AES-192-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2815,6 +2929,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: AES-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2829,6 +2944,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: AES-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2843,6 +2959,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: AES-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2857,6 +2974,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: CAMELLIA-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2871,6 +2989,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: CAMELLIA-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2885,6 +3004,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: CAMELLIA-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2899,6 +3019,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: ARIA-128-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2913,6 +3034,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: ARIA-192-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2927,6 +3049,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: ARIA-256-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2941,6 +3064,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: ARIA-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2955,6 +3079,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: ARIA-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2969,6 +3094,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets: ARIA-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -2985,6 +3111,7 @@
# Tests for Session Tickets with DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: basic" \
"$P_SRV debug_level=3 dtls=1 tickets=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -2999,6 +3126,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: cache disabled" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -3013,6 +3141,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: timeout" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3027,6 +3156,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: session copy" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
@@ -3041,6 +3171,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@@ -3053,6 +3184,7 @@
# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
requires_openssl_next
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -3067,6 +3199,7 @@
# Tests for Session Resume based on session-ID and cache
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: tickets enabled on client" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -3081,6 +3214,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: tickets enabled on server" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -3095,6 +3229,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: cache_max=0" \
"$P_SRV debug_level=3 tickets=0 cache_max=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -3104,6 +3239,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: cache_max=1" \
"$P_SRV debug_level=3 tickets=0 cache_max=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -3113,6 +3249,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: timeout > delay" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
@@ -3122,6 +3259,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: timeout < delay" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -3131,6 +3269,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: no timeout" \
"$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
@@ -3140,6 +3279,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: session copy" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
@@ -3149,6 +3289,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
@@ -3161,6 +3302,7 @@
-S "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=3 tickets=0 reconnect=1" \
@@ -3171,6 +3313,7 @@
# Tests for Session Resume based on session-ID and cache, DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: tickets enabled on client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -3185,6 +3328,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: tickets enabled on server" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -3199,6 +3343,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: cache_max=0" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -3208,6 +3353,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: cache_max=1" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -3217,6 +3363,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: timeout > delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
@@ -3226,6 +3373,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: timeout < delay" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3235,6 +3383,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: no timeout" \
"$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
@@ -3244,6 +3393,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: session copy" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \
@@ -3256,6 +3406,7 @@
# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
requires_openssl_next
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -3268,6 +3419,7 @@
-S "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Session resume using cache, DTLS: openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
@@ -3279,6 +3431,7 @@
# Tests for Max Fragment Length extension
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: enabled, default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -3293,6 +3446,7 @@
-C "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: enabled, default, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3310,6 +3464,7 @@
-s "1 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length, DTLS: enabled, default, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3329,6 +3484,7 @@
# content length configuration.)
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: disabled, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3342,6 +3498,7 @@
-s "1 bytes read"
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length, DTLS: disabled, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
@@ -3354,6 +3511,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3369,6 +3527,7 @@
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=512" \
@@ -3384,6 +3543,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=512" \
@@ -3399,6 +3559,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=512" \
@@ -3414,6 +3575,7 @@
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=1024" \
@@ -3429,6 +3591,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=1024" \
@@ -3444,6 +3607,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=1024" \
@@ -3459,6 +3623,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=2048" \
@@ -3474,6 +3639,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=2048" \
@@ -3489,6 +3655,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=2048" \
@@ -3504,6 +3671,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3519,6 +3687,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3534,6 +3703,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3549,6 +3719,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
@@ -3565,6 +3736,7 @@
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: gnutls server" \
"$G_SRV" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -3576,6 +3748,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
@@ -3593,6 +3766,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
@@ -3611,6 +3785,7 @@
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
@@ -3628,6 +3803,7 @@
# Tests for renegotiation
# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: none, for reference" \
"$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2" \
@@ -3642,6 +3818,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3656,6 +3833,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@@ -3673,6 +3851,7 @@
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3691,6 +3870,7 @@
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@@ -3706,6 +3886,7 @@
-S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: double" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3722,6 +3903,7 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation with max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -3744,6 +3926,7 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: client-initiated, server-rejected" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3760,6 +3943,7 @@
-c "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, default" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
@@ -3776,6 +3960,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=-1 auth_mode=optional" \
@@ -3794,6 +3979,7 @@
# delay 2 for 1 alert record + 1 application data record
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=2 auth_mode=optional" \
@@ -3811,6 +3997,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0 auth_mode=optional" \
@@ -3827,6 +4014,7 @@
-s "SSL - An unexpected message was received from our peer"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0 auth_mode=optional" \
@@ -3844,6 +4032,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, just below period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
@@ -3862,6 +4051,7 @@
# one extra exchange to be able to complete renego
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, just above period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
@@ -3879,6 +4069,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, two times period" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
@@ -3896,6 +4087,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: periodic, above period, disabled" \
"$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
@@ -3913,6 +4105,7 @@
-S "failed"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: nbio, client-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -3927,6 +4120,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: nbio, server-initiated" \
"$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
"$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
@@ -3941,6 +4135,7 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: openssl server, client-initiated" \
"$O_SRV -www" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
@@ -3954,6 +4149,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server strict, client-initiated" \
"$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
@@ -3967,6 +4163,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
@@ -3980,6 +4177,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
@@ -3994,6 +4192,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
@@ -4007,6 +4206,7 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, client-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -4021,6 +4221,7 @@
-S "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, server-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
@@ -4036,6 +4237,7 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, renego_period overflow" \
"$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
"$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
@@ -4051,6 +4253,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
"$G_SRV -u --mtu 4096" \
"$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
@@ -4065,6 +4268,7 @@
# Test for the "secure renegotation" extension only (no actual renegotiation)
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server strict, client default" \
"$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3" \
@@ -4074,6 +4278,7 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server unsafe, client default" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3" \
@@ -4083,6 +4288,7 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server unsafe, client break legacy" \
"$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
"$P_CLI debug_level=3 allow_legacy=-1" \
@@ -4092,6 +4298,7 @@
-C "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client strict, server default" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
@@ -4100,6 +4307,7 @@
-s "server hello, secure renegotiation extension"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client unsafe, server default" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -4108,6 +4316,7 @@
-S "server hello, secure renegotiation extension"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client unsafe, server break legacy" \
"$P_SRV debug_level=3 allow_legacy=-1" \
"$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -4118,6 +4327,7 @@
# Tests for silently dropping trailing extra bytes in .der certificates
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: no trailing bytes" \
"$P_SRV crt_file=data_files/server5-der0.crt \
key_file=data_files/server5.key" \
@@ -4126,6 +4336,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing zero byte" \
"$P_SRV crt_file=data_files/server5-der1a.crt \
key_file=data_files/server5.key" \
@@ -4134,6 +4345,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing random byte" \
"$P_SRV crt_file=data_files/server5-der1b.crt \
key_file=data_files/server5.key" \
@@ -4142,6 +4354,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 2 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der2.crt \
key_file=data_files/server5.key" \
@@ -4150,6 +4363,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 4 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der4.crt \
key_file=data_files/server5.key" \
@@ -4158,6 +4372,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 8 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der8.crt \
key_file=data_files/server5.key" \
@@ -4166,6 +4381,7 @@
-c "Handshake was completed" \
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 9 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der9.crt \
key_file=data_files/server5.key" \
@@ -4176,6 +4392,7 @@
# Tests for auth_mode, there are duplicated tests using ca callback for authentication
# When updating these tests, modify the matching authentication tests accordingly
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4186,6 +4403,7 @@
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4196,6 +4414,7 @@
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server goodcert, client optional, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
@@ -4207,6 +4426,7 @@
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server goodcert, client required, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
@@ -4225,6 +4445,7 @@
# different means to have the server ignoring the client's supported curve list.
requires_config_enabled MBEDTLS_ECP_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4235,6 +4456,7 @@
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
requires_config_enabled MBEDTLS_ECP_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4244,6 +4466,7 @@
-c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server badcert, client none" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4254,6 +4477,7 @@
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client SHA256, server required" \
"$P_SRV auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4263,6 +4487,7 @@
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client SHA384, server required" \
"$P_SRV auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4272,6 +4497,7 @@
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client has no cert, server required (TLS)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=none \
@@ -4288,6 +4514,7 @@
-c "! mbedtls_ssl_handshake returned" \
-s "No client certification received from the client, but required by the authentication mode"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4309,6 +4536,7 @@
# detect that its write end of the connection is closed and abort
# before reading the alert message.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client cert self-signed and trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4324,6 +4552,7 @@
-S "! The certificate is not correctly signed" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4341,6 +4570,7 @@
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4358,6 +4588,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client badcert, server none" \
"$P_SRV debug_level=3 auth_mode=none" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4375,6 +4606,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -4391,6 +4623,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI" \
@@ -4401,6 +4634,7 @@
-S "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client no cert, openssl server optional" \
"$O_SRV -verify 10" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -4411,6 +4645,7 @@
-c "skip write certificate verify" \
-C "! mbedtls_ssl_handshake returned"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client no cert, openssl server required" \
"$O_SRV -Verify 10" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -4433,6 +4668,7 @@
# are in place so that the semantics are consistent with the test description.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -4442,6 +4678,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4451,6 +4688,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4461,6 +4699,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4471,6 +4710,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int+1 chain, server default" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4480,6 +4720,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int+1 chain, server optional" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4489,6 +4730,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int+1 chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4498,6 +4740,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: client max_int chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
@@ -4507,6 +4750,7 @@
# Tests for CA list in CertificateRequest messages
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: send CA list in CertificateRequest (default)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI crt_file=data_files/server6.crt \
@@ -4514,6 +4758,7 @@
0 \
-s "requested DN"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: do not send CA list in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI crt_file=data_files/server6.crt \
@@ -4521,6 +4766,7 @@
0 \
-S "requested DN"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4537,6 +4783,7 @@
# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4549,6 +4796,7 @@
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -4569,6 +4817,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4581,6 +4830,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -4592,6 +4842,7 @@
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4603,6 +4854,7 @@
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -4614,6 +4866,7 @@
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4637,6 +4890,7 @@
# before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -4656,6 +4910,7 @@
-s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -4677,6 +4932,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -4688,6 +4944,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4699,6 +4956,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -4711,6 +4969,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4722,6 +4981,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -4733,6 +4993,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
@@ -4744,6 +5005,7 @@
# Tests for certificate selection based on SHA verson
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
"$P_SRV crt_file=data_files/server5.crt \
key_file=data_files/server5.key \
@@ -4757,6 +5019,7 @@
# tests for SNI
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@@ -4767,6 +5030,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4778,6 +5042,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4789,6 +5054,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: no matching cert" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4801,6 +5067,7 @@
-c "mbedtls_ssl_handshake returned" \
-c "SSL - A fatal alert message was received from our peer"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4814,6 +5081,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4827,6 +5095,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4840,6 +5109,7 @@
-c "skip write certificate verify" \
-s "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4858,6 +5128,7 @@
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4876,6 +5147,7 @@
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4897,6 +5169,7 @@
# Tests for SNI and DTLS
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no SNI callback" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@@ -4907,6 +5180,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 1" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4918,6 +5192,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 2" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4928,6 +5203,7 @@
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no matching cert" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4940,6 +5216,7 @@
-c "mbedtls_ssl_handshake returned" \
-c "SSL - A fatal alert message was received from our peer"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4953,6 +5230,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4966,6 +5244,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4979,6 +5258,7 @@
-c "skip write certificate verify" \
-s "skip parse certificate verify"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA no override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4997,6 +5277,7 @@
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5015,6 +5296,7 @@
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
@@ -5035,6 +5317,7 @@
# Tests for non-blocking I/O: exercise a variety of handshake flows
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: basic handshake" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0" \
@@ -5043,6 +5326,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: client auth" \
"$P_SRV nbio=2 tickets=0 auth_mode=required" \
"$P_CLI nbio=2 tickets=0" \
@@ -5051,6 +5335,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1" \
@@ -5059,6 +5344,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket + client auth" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1" \
@@ -5067,6 +5353,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -5075,6 +5362,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -5083,6 +5371,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Non-blocking I/O: session-id resume" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0 reconnect=1" \
@@ -5093,6 +5382,7 @@
# Tests for event-driven I/O: exercise a variety of handshake flows
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: basic handshake" \
"$P_SRV event=1 tickets=0 auth_mode=none" \
"$P_CLI event=1 tickets=0" \
@@ -5101,6 +5391,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: client auth" \
"$P_SRV event=1 tickets=0 auth_mode=required" \
"$P_CLI event=1 tickets=0" \
@@ -5109,6 +5400,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1" \
@@ -5117,6 +5409,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket + client auth" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1" \
@@ -5125,6 +5418,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket + client auth + resume" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -5133,6 +5427,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: ticket + resume" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -5141,6 +5436,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O: session-id resume" \
"$P_SRV event=1 tickets=0 auth_mode=none" \
"$P_CLI event=1 tickets=0 reconnect=1" \
@@ -5149,42 +5445,49 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: basic handshake" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=0" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: client auth" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=0" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket + client auth" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: ticket + resume" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
0 \
-c "Read from server: .* bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: session-id resume" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -5196,6 +5499,7 @@
# within the same datagram as the Finished messages. In this situation, the
# server MUST NOT idle on the underlying transport after handshake completion,
# because the ApplicationData request has already been queued internally.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
-p "$P_PXY pack=50" \
"$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
@@ -5205,6 +5509,7 @@
# Tests for version negotiation
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Version check: all -> 1.2" \
"$P_SRV" \
"$P_CLI" \
@@ -5214,6 +5519,7 @@
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: cli TLS 1.0" \
"$P_SRV" \
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \
@@ -5223,6 +5529,7 @@
-S "Protocol is TLSv1.0" \
-C "Handshake was completed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: cli TLS 1.1" \
"$P_SRV" \
"$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \
@@ -5232,6 +5539,7 @@
-S "Protocol is TLSv1.1" \
-C "Handshake was completed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: srv max TLS 1.0" \
"$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \
"$P_CLI" \
@@ -5241,6 +5549,7 @@
-S "Version: TLS1.0" \
-C "Protocol is TLSv1.0"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Not supported version check: srv max TLS 1.1" \
"$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \
"$P_CLI" \
@@ -5252,6 +5561,7 @@
# Tests for ALPN extension
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: none" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -5264,6 +5574,7 @@
-C "Application Layer Protocol is" \
-S "Application Layer Protocol is"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: client only" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -5276,6 +5587,7 @@
-c "Application Layer Protocol is (none)" \
-S "Application Layer Protocol is"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: server only" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3" \
@@ -5288,6 +5600,7 @@
-C "Application Layer Protocol is" \
-s "Application Layer Protocol is (none)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli1-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -5300,6 +5613,7 @@
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli2-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abc" \
@@ -5312,6 +5626,7 @@
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, common cli1-srv2" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -5324,6 +5639,7 @@
-c "Application Layer Protocol is 1234" \
-s "Application Layer Protocol is 1234"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ALPN: both, no common" \
"$P_SRV debug_level=3 alpn=abc,123" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -5340,6 +5656,7 @@
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ds.crt" \
@@ -5348,6 +5665,7 @@
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ke.crt" \
@@ -5355,6 +5673,7 @@
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ka.crt" \
@@ -5362,6 +5681,7 @@
1 \
-C "Ciphersuite is "
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ds.crt" \
@@ -5370,6 +5690,7 @@
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5377,6 +5698,7 @@
0 \
-c "Ciphersuite is TLS-ECDH-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ke.crt" \
@@ -5387,6 +5709,7 @@
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
@@ -5397,6 +5720,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
@@ -5407,6 +5731,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@@ -5417,6 +5742,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@@ -5427,6 +5753,7 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@@ -5438,6 +5765,7 @@
-c "Ciphersuite is TLS-" \
-c "! Usage does not match the keyUsage extension"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
@@ -5448,6 +5776,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
@@ -5458,6 +5787,7 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
@@ -5472,6 +5802,7 @@
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
@@ -5480,6 +5811,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
@@ -5488,6 +5820,7 @@
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
"$O_CLI -key data_files/server2.key \
@@ -5496,6 +5829,7 @@
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5504,6 +5838,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5514,24 +5849,28 @@
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: serverAuth -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-cs_any.crt" \
"$P_CLI" \
0
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage srv: codeSign -> fail" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-cli.crt" \
@@ -5540,6 +5879,7 @@
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth -> OK" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-srv.crt" \
@@ -5549,6 +5889,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
@@ -5558,6 +5899,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
@@ -5567,6 +5909,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign -> fail" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
@@ -5578,6 +5921,7 @@
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5586,6 +5930,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5594,6 +5939,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5602,6 +5948,7 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
@@ -5610,6 +5957,7 @@
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
"$O_CLI -key data_files/server5.key \
@@ -5620,6 +5968,7 @@
# Tests for DHM parameters loading
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM parameters: reference" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5628,6 +5977,7 @@
-c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2 bits)"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5638,6 +5988,7 @@
# Tests for DHM client-side size checking
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server default, client default, OK" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5645,6 +5996,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server default, client 2048, OK" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5652,6 +6004,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1024, client default, OK" \
"$P_SRV dhm_file=data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5659,6 +6012,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 999, client 999, OK" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5666,6 +6020,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1000, client 1000, OK" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5673,6 +6028,7 @@
0 \
-C "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5680,6 +6036,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 1000, client 1001, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5687,6 +6044,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 999, client 1000, rejected" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5694,6 +6052,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server 998, client 999, rejected" \
"$P_SRV dhm_file=data_files/dh.998.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5701,6 +6060,7 @@
1 \
-c "DHM prime too short:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5710,6 +6070,7 @@
# Tests for PSK callback
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: psk, no callback" \
"$P_SRV psk=abc123 psk_identity=foo" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5720,6 +6081,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5734,6 +6096,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5748,6 +6111,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5762,6 +6126,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5776,6 +6141,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5790,6 +6156,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5804,6 +6171,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
@@ -5819,6 +6187,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
@@ -5834,6 +6203,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5848,6 +6218,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
@@ -5862,6 +6233,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
@@ -5877,6 +6249,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
@@ -5892,6 +6265,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5906,6 +6280,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5920,6 +6295,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5933,6 +6309,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5946,6 +6323,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5953,6 +6331,7 @@
1 \
-s "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: no psk, no callback" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5962,6 +6341,7 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: callback overrides other settings" \
"$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5971,6 +6351,7 @@
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: first id matches" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5980,6 +6361,7 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: second id matches" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5989,6 +6371,7 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: no match" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -5998,6 +6381,7 @@
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "PSK callback: wrong key" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -6010,6 +6394,7 @@
# Tests for EC J-PAKE
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: client not configured" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -6024,6 +6409,7 @@
-S "SSL - The handshake negotiation failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: server not configured" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 ecjpake_pw=bla \
@@ -6039,6 +6425,7 @@
-s "SSL - The handshake negotiation failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, TLS" \
"$P_SRV debug_level=3 ecjpake_pw=bla" \
"$P_CLI debug_level=3 ecjpake_pw=bla \
@@ -6057,6 +6444,7 @@
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: password mismatch, TLS" \
"$P_SRV debug_level=3 ecjpake_pw=bla" \
"$P_CLI debug_level=3 ecjpake_pw=bad \
@@ -6066,6 +6454,7 @@
-s "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
@@ -6075,6 +6464,7 @@
-S "SSL - Verification of the message MAC failed"
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, DTLS, no cookie" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
@@ -6085,6 +6475,7 @@
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: password mismatch, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
@@ -6095,6 +6486,7 @@
# for tests with configs/config-thread.h
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ECJPAKE: working, DTLS, nolog" \
"$P_SRV dtls=1 ecjpake_pw=bla" \
"$P_CLI dtls=1 ecjpake_pw=bla \
@@ -6104,6 +6496,7 @@
# Test for ClientHello without extensions
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "ClientHello without extensions" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -6112,12 +6505,14 @@
# Tests for mbedtls_ssl_get_bytes_avail()
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
"$P_SRV" \
"$P_CLI request_size=100" \
0 \
-s "Read from client: 100 bytes read$"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "mbedtls_ssl_get_bytes_avail: extra data" \
"$P_SRV" \
"$P_CLI request_size=500" \
@@ -6126,6 +6521,7 @@
# Tests for small client packets
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls12 \
@@ -6133,6 +6529,7 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls12 \
@@ -6140,6 +6537,7 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls12 \
@@ -6147,6 +6545,7 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls12 \
@@ -6154,6 +6553,7 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls12 \
@@ -6164,6 +6564,7 @@
# Tests for small client packets in DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet DTLS 1.2" \
"$P_SRV dtls=1 force_version=dtls12" \
"$P_CLI dtls=1 request_size=1 \
@@ -6172,6 +6573,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small client packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 force_version=dtls12 etm=0" \
"$P_CLI dtls=1 request_size=1 \
@@ -6181,6 +6583,7 @@
# Tests for small server packets
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls12 \
@@ -6188,6 +6591,7 @@
0 \
-c "Read from server: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls12 \
@@ -6195,6 +6599,7 @@
0 \
-c "Read from server: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls12 \
@@ -6202,6 +6607,7 @@
0 \
-c "Read from server: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet TLS 1.2 AEAD" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls12 \
@@ -6209,6 +6615,7 @@
0 \
-c "Read from server: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls12 \
@@ -6219,6 +6626,7 @@
# Tests for small server packets in DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet DTLS 1.2" \
"$P_SRV dtls=1 response_size=1 force_version=dtls12" \
"$P_CLI dtls=1 \
@@ -6227,6 +6635,7 @@
-c "Read from server: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Small server packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
"$P_CLI dtls=1 \
@@ -6241,6 +6650,7 @@
echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
}
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls12 \
@@ -6249,6 +6659,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls12 etm=0 \
@@ -6256,6 +6667,7 @@
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls12 \
@@ -6264,6 +6676,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls12 \
@@ -6272,6 +6685,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls12 \
@@ -6281,6 +6695,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls12 \
@@ -6288,6 +6703,7 @@
0 \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls12 etm=0 \
@@ -6296,6 +6712,7 @@
-s "16384 bytes written in 1 fragments" \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls12 \
@@ -6303,6 +6720,7 @@
0 \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV response_size=16384 trunc_hmac=1" \
"$P_CLI force_version=tls12 \
@@ -6311,6 +6729,7 @@
-s "16384 bytes written in 1 fragments" \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large server packet TLS 1.2 AEAD" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls12 \
@@ -6318,6 +6737,7 @@
0 \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Large server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls12 \
@@ -6331,6 +6751,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, default" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6344,6 +6765,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=0" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6357,6 +6779,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6370,6 +6793,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6383,6 +6807,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@@ -6401,6 +6826,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@@ -6419,6 +6845,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@@ -6437,6 +6864,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: DTLS, max_ops=1000" \
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6450,6 +6878,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000 no client auth" \
"$P_SRV curves=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -6462,6 +6891,7 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
"$P_SRV curves=secp256r1 psk=abc123" \
"$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
@@ -6475,6 +6905,7 @@
# Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=0" \
"$P_SRV \
async_operations=s async_private_delay1=0 async_private_delay2=0" \
@@ -6484,6 +6915,7 @@
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=1" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
@@ -6494,6 +6926,7 @@
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=2" \
"$P_SRV \
async_operations=s async_private_delay1=2 async_private_delay2=2" \
@@ -6507,6 +6940,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, SNI" \
"$P_SRV debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \
@@ -6521,6 +6955,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, delay=0" \
"$P_SRV \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
@@ -6530,6 +6965,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, delay=1" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -6540,6 +6976,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
"$P_SRV psk=abc123 \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
@@ -6550,6 +6987,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
"$P_SRV psk=abc123 \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -6561,6 +6999,7 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign callback not present" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -6574,6 +7013,7 @@
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt callback not present" \
"$P_SRV debug_level=1 \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
@@ -6588,6 +7028,7 @@
# key1: ECDSA, key2: RSA; use key1 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: slot 0 used with key1" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
@@ -6601,6 +7042,7 @@
# key1: ECDSA, key2: RSA; use key2 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: slot 0 used with key2" \
"$P_SRV \
async_operations=s async_private_delay2=1 \
@@ -6614,6 +7056,7 @@
# key1: ECDSA, key2: RSA; use key2 from slot 1
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: slot 1 used with key2" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6627,6 +7070,7 @@
# key1: ECDSA, key2: RSA; use key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
@@ -6637,6 +7081,7 @@
-s "Async sign callback: no key matches this certificate."
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in start" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6649,6 +7094,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, cancel after start" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6660,6 +7106,7 @@
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in resume" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6672,6 +7119,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, error in start" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6684,6 +7132,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, cancel after start" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6695,6 +7144,7 @@
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: decrypt, error in resume" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6707,6 +7157,7 @@
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: cancel after start then operate correctly" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6719,6 +7170,7 @@
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: error in resume then operate correctly" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6731,6 +7183,7 @@
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: cancel after start then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-2 \
@@ -6749,6 +7202,7 @@
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in resume then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-3 \
@@ -6765,6 +7219,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: client-initiated, sign" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6776,6 +7231,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: server-initiated, sign" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -6787,6 +7243,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: client-initiated, decrypt" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6799,6 +7256,7 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: server-initiated, decrypt" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1 \
@@ -6815,6 +7273,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the client side" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
@@ -6828,6 +7287,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the server side" \
"$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
"$P_CLI debug_level=3" \
@@ -6839,6 +7299,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the client side" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -6852,6 +7313,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the server side" \
"$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
"$P_CLI debug_level=3" \
@@ -6861,6 +7323,7 @@
# Tests for DTLS HelloVerifyRequest
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: enabled" \
"$P_SRV dtls=1 debug_level=2" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6872,6 +7335,7 @@
-s "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: disabled" \
"$P_SRV dtls=1 debug_level=2 cookies=0" \
"$P_CLI dtls=1 debug_level=2" \
@@ -6883,6 +7347,7 @@
-S "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: default (failing)" \
"$P_SRV dtls=1 debug_level=2 cookies=-1" \
"$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
@@ -6895,6 +7360,7 @@
-s "SSL - The requested feature is not available"
requires_ipv6
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: enabled, IPv6" \
"$P_SRV dtls=1 debug_level=2 server_addr=::1" \
"$P_CLI dtls=1 debug_level=2 server_addr=::1" \
@@ -6906,6 +7372,7 @@
-s "hello verification requested" \
-S "SSL - The requested feature is not available"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS cookie: enabled, nbio" \
"$P_SRV dtls=1 nbio=2 debug_level=2" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
@@ -6920,6 +7387,7 @@
# Tests for client reconnecting from the same port with DTLS
not_with_valgrind # spurious resend
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reference" \
"$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
@@ -6929,6 +7397,7 @@
-S "Client initiated reconnection from same port"
not_with_valgrind # spurious resend
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reconnect" \
"$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
@@ -6938,6 +7407,7 @@
-s "Client initiated reconnection from same port"
not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
@@ -6946,6 +7416,7 @@
-s "Client initiated reconnection from same port"
only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
"$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
@@ -6953,6 +7424,7 @@
-S "The operation timed out" \
-s "Client initiated reconnection from same port"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: no cookies" \
"$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
"$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
@@ -6960,6 +7432,7 @@
-s "The operation timed out" \
-S "Client initiated reconnection from same port"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client reconnect from same port: attacker-injected" \
-p "$P_PXY inject_clihlo=1" \
"$P_SRV dtls=1 exchanges=2 debug_level=1" \
@@ -6971,18 +7444,21 @@
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client auth: required" \
"$P_SRV dtls=1 auth_mode=required" \
"$P_CLI dtls=1" \
0 \
-s "Verifying peer X.509 certificate... ok"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client auth: optional, client has no cert" \
"$P_SRV dtls=1 auth_mode=optional" \
"$P_CLI dtls=1 crt_file=none key_file=none" \
0 \
-s "! Certificate was missing"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS client auth: none, client has no cert" \
"$P_SRV dtls=1 auth_mode=none" \
"$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
@@ -6990,6 +7466,7 @@
-c "skip write certificate$" \
-s "! Certificate verification was skipped"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS wrong PSK: badmac alert" \
"$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
"$P_CLI dtls=1 psk=abc124" \
@@ -7000,6 +7477,7 @@
# Tests for receiving fragmented handshake messages with DTLS
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (gnutls server)" \
"$G_SRV -u --mtu 2048 -a" \
"$P_CLI dtls=1 debug_level=2" \
@@ -7008,6 +7486,7 @@
-C "error"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (gnutls server)" \
"$G_SRV -u --mtu 512" \
"$P_CLI dtls=1 debug_level=2" \
@@ -7016,6 +7495,7 @@
-C "error"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (gnutls server)" \
"$G_SRV -u --mtu 128" \
"$P_CLI dtls=1 debug_level=2" \
@@ -7024,6 +7504,7 @@
-C "error"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$G_SRV -u --mtu 128" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
@@ -7033,6 +7514,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
@@ -7047,6 +7529,7 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
"$G_SRV -u --mtu 256" \
"$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
@@ -7059,6 +7542,7 @@
-C "error" \
-s "Extra-header:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: no fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 2048" \
"$P_CLI dtls=1 debug_level=2" \
@@ -7066,6 +7550,7 @@
-C "found fragmented DTLS handshake message" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 768" \
"$P_CLI dtls=1 debug_level=2" \
@@ -7073,6 +7558,7 @@
-c "found fragmented DTLS handshake message" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
@@ -7080,6 +7566,7 @@
-c "found fragmented DTLS handshake message" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
@@ -7104,6 +7591,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7125,6 +7613,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7150,6 +7639,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7171,6 +7661,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
crt_file=data_files/server7_int-ca.crt \
@@ -7199,6 +7690,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
@@ -7221,6 +7713,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7249,6 +7742,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7270,6 +7764,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference) (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7290,6 +7785,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7310,6 +7806,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
crt_file=data_files/server7_int-ca.crt \
@@ -7330,6 +7827,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7356,6 +7854,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7388,6 +7887,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7413,6 +7913,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7437,6 +7938,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7467,6 +7969,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7491,6 +7994,7 @@
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7518,6 +8022,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7555,6 +8060,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7585,6 +8091,7 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7618,6 +8125,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7651,6 +8159,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7685,6 +8194,7 @@
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7718,6 +8228,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7748,6 +8259,7 @@
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU + 3d" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
@@ -7773,6 +8285,7 @@
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
@@ -7799,6 +8312,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
@@ -7823,6 +8337,7 @@
requires_gnutls
requires_not_i686
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
@@ -7837,6 +8352,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
@@ -7852,6 +8368,7 @@
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
@@ -7872,6 +8389,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
@@ -7890,6 +8408,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
@@ -7912,6 +8431,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_SRV -dtls1_2 -verify 10" \
@@ -7930,6 +8450,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
@@ -7942,6 +8463,7 @@
# Tests for DTLS-SRTP (RFC 5764)
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported" \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7961,6 +8483,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
@@ -7979,6 +8502,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -7997,6 +8521,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8015,6 +8540,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -8032,6 +8558,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension." \
"$P_SRV dtls=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8047,6 +8574,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. mki used" \
"$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -8069,6 +8597,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -8092,6 +8621,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8105,6 +8635,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8118,6 +8649,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8131,6 +8663,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8144,6 +8677,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8157,6 +8691,7 @@
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8169,6 +8704,7 @@
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
"$P_SRV dtls=1 debug_level=3" \
"$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
@@ -8179,6 +8715,7 @@
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. openssl server" \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8191,6 +8728,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8203,6 +8741,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8215,6 +8754,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8227,6 +8767,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8239,6 +8780,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -8251,6 +8793,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8263,6 +8806,7 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
"$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -8279,6 +8823,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
@@ -8292,6 +8837,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8305,6 +8851,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8318,6 +8865,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
@@ -8331,6 +8879,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8344,6 +8893,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
@@ -8357,6 +8907,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
"$P_SRV dtls=1 debug_level=3" \
"$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
@@ -8368,6 +8919,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. gnutls server" \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8381,6 +8933,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8394,6 +8947,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8407,6 +8961,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8420,6 +8975,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -8433,6 +8989,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -8446,6 +9003,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
"$G_SRV -u" \
"$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -8459,6 +9017,7 @@
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
"$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -8476,6 +9035,7 @@
# Tests for specific things with "unreliable" UDP connection
not_with_valgrind # spurious resend due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: reference" \
-p "$P_PXY" \
"$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
@@ -8494,6 +9054,7 @@
-c "HTTP/1.0 200 OK"
not_with_valgrind # spurious resend due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: duplicate every packet" \
-p "$P_PXY duplicate=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
@@ -8507,6 +9068,7 @@
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
-p "$P_PXY duplicate=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
@@ -8521,6 +9083,7 @@
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: multiple records in same datagram" \
-p "$P_PXY pack=50" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
@@ -8529,6 +9092,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
-p "$P_PXY pack=50 duplicate=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
@@ -8537,6 +9101,7 @@
-c "next record in same datagram" \
-s "next record in same datagram"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
@@ -8549,6 +9114,7 @@
-S "too many records with bad MAC" \
-S "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
@@ -8561,6 +9127,7 @@
-s "too many records with bad MAC" \
-s "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
@@ -8573,6 +9140,7 @@
-S "too many records with bad MAC" \
-S "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
-p "$P_PXY bad_ad=1" \
"$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
@@ -8585,6 +9153,7 @@
-s "too many records with bad MAC" \
-s "Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: delay ChangeCipherSpec" \
-p "$P_PXY delay_ccs=1" \
"$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
@@ -8597,6 +9166,7 @@
# Tests for reordering support with DTLS
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8613,6 +9183,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
-p "$P_PXY delay_srv=ServerHello" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8636,6 +9207,7 @@
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8658,6 +9230,7 @@
# when dropping it first.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
-p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
"$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8675,6 +9248,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
-p "$P_PXY delay_cli=Certificate" \
"$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
@@ -8691,6 +9265,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
-p "$P_PXY delay_srv=NewSessionTicket" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8707,6 +9282,7 @@
-S "Injecting buffered CCS message" \
-S "Remember CCS message"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
-p "$P_PXY delay_cli=ClientKeyExchange" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8723,6 +9299,7 @@
-s "Injecting buffered CCS message" \
-s "Remember CCS message"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer encrypted Finished message" \
-p "$P_PXY delay_ccs=1" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -8752,6 +9329,7 @@
# handshake, omitting CRTs.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
-p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
"$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
@@ -8766,6 +9344,7 @@
# Tests for "randomly unreliable connection": try a variety of flows and peers
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8777,6 +9356,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
@@ -8787,6 +9367,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
@@ -8796,6 +9377,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, FS, client auth" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
@@ -8805,6 +9387,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, FS, ticket" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
@@ -8814,6 +9397,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
@@ -8823,6 +9407,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, max handshake, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
@@ -8833,6 +9418,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, resumption" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8847,6 +9433,7 @@
-c "HTTP/1.0 200 OK"
client_needs_more_time 4
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8862,6 +9449,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8877,6 +9465,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8892,6 +9481,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8908,6 +9498,7 @@
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
@@ -8930,6 +9521,7 @@
skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 2048" \
@@ -8940,6 +9532,7 @@
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
@@ -8950,6 +9543,7 @@
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
@@ -8960,6 +9554,7 @@
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 2048 -a" \
@@ -8971,6 +9566,7 @@
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
@@ -8982,6 +9578,7 @@
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
@@ -8990,6 +9587,7 @@
-s "Extra-header:" \
-c "Extra-header:"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "export keys functionality" \
"$P_SRV eap_tls=1 debug_level=3" \
"$P_CLI eap_tls=1 debug_level=3" \
@@ -9033,7 +9631,6 @@
-s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3: handshake dispatch test: tls13 only" \
"$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
@@ -9331,6 +9928,7 @@
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
# Test heap memory usage after handshake
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 0a2f366..eb1b8f4 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -104,111 +104,147 @@
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER
Test moving clients handshake to state: HELLO_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HELLO_REQUEST:1
Test moving clients handshake to state: CLIENT_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving clients handshake to state: SERVER_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1
Test moving clients handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving clients handshake to state: SERVER_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving clients handshake to state: SERVER_HELLO_DONE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving clients handshake to state: CLIENT_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving clients handshake to state: CLIENT_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: CLIENT_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: SERVER_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving clients handshake to state: FLUSH_BUFFERS
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving clients handshake to state: HANDSHAKE_WRAPUP
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving clients handshake to state: HANDSHAKE_OVER
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1
Test moving servers handshake to state: HELLO_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HELLO_REQUEST:1
Test moving servers handshake to state: CLIENT_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving servers handshake to state: SERVER_HELLO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1
Test moving servers handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving servers handshake to state: SERVER_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_REQUEST
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving servers handshake to state: SERVER_HELLO_DONE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving servers handshake to state: CLIENT_CERTIFICATE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving servers handshake to state: CLIENT_KEY_EXCHANGE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: CLIENT_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: SERVER_FINISHED
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving servers handshake to state: FLUSH_BUFFERS
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving servers handshake to state: HANDSHAKE_WRAPUP
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving servers handshake to state: HANDSHAKE_OVER
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1
Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0
Negative test moving servers ssl to state: NEW_SESSION_TICKET
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
Handshake, tls1_2
@@ -272,9 +308,11 @@
handshake_serialization
DTLS Handshake fragmentation, MFL=512
+depends_on:MBEDTLS_SSL_PROTO_DTLS
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
DTLS Handshake fragmentation, MFL=1024
+depends_on:MBEDTLS_SSL_PROTO_DTLS
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
Handshake min/max version check, all -> 1.2
@@ -619,15 +657,19 @@
ssl_set_hostname_twice:"server0":"server1"
SSL session serialization: Wrong major version
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:1:0:0:0
SSL session serialization: Wrong minor version
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:1:0:0
SSL session serialization: Wrong patch version
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:1:0
SSL session serialization: Wrong config
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_session_serialize_version_check:0:0:0:1
Record crypt, AES-128-CBC, 1.2, SHA-384
@@ -4609,95 +4651,99 @@
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
Session serialization, save-load: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:""
Session serialization, save-load: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:""
Session serialization, save-load: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:""
Session serialization, save-load: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:"data_files/server5.crt"
Session serialization, save-load: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:"data_files/server5.crt"
Session serialization, save-load: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:"data_files/server5.crt"
Session serialization, load-save: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:""
Session serialization, load-save: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:42:""
Session serialization, load-save: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:1023:""
Session serialization, load-save: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:"data_files/server5.crt"
Session serialization, load-save: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:42:"data_files/server5.crt"
Session serialization, load-save: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_save:1023:"data_files/server5.crt"
Session serialization, save buffer size: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:""
Session serialization, save buffer size: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:42:""
Session serialization, save buffer size: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:1023:""
Session serialization, save buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt"
Session serialization, save buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt"
Session serialization, save buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt"
Session serialization, load buffer size: no ticket, no cert
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_buf_size:0:""
Session serialization, load buffer size: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:42:""
Session serialization, load buffer size: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:1023:""
Session serialization, load buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt"
Session serialization, load buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt"
Session serialization, load buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt"
Constant-flow HMAC: MD5
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index fd1ff84..cb66f3a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1187,6 +1187,7 @@
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
@@ -1227,6 +1228,7 @@
iv, iv_len, input, ilen, output, olen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
@@ -4301,7 +4303,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
void ssl_tls_prf( int type, data_t * secret, data_t * random,
char *label, data_t *result_str, int exp_ret )
{
@@ -5139,9 +5141,13 @@
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_ssl_conf_max_version( &conf, 3, 3 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+#else
+ mbedtls_ssl_conf_max_version( &conf, 3, 4 );
+ mbedtls_ssl_conf_min_version( &conf, 3, 4 );
+#endif
mbedtls_ssl_conf_curves( &conf, curve_list );
mbedtls_ssl_context ssl;